A South Korean web hosting company fell victim to ransomware hackers and had more than 150 of its servers compromised.
Hackers demanded the equivalent of AU$5.8 million in ransom, but after a week of negotiations both parties agreed on a fee of around AU$1.3 million, to be paid in three installments. It’s been reported that two of the three installments have been paid and the final installment is still being worked out.
The servers were encrypted by the Erebus Linux ransomware. Targeting only Linux computers, it managed to infiltrate the web hosting company’s defences and cripple over 150 of its servers, which serve 3,400 customers. In subsequent announcements the company updated clients on the server decryption process, saying the entire operation would take up to ten days due to the vast amount of encrypted data. It also warned that server-related issues could persist over the next month.
Trend Micro analysed the compromised company’s systems and said it was no surprise that the web hosting company fell victim to this ransomware, stating:
“NAYANA’s website runs on Linux kernel 2.6.24.2, which was compiled back in 2008. […] Additionally, NAYANA’s website uses Apache version 1.3.36 and PHP version 5.1.4, both of which were released back in 2006. Apache vulnerabilities and PHP exploits are well-known;[…]. The version of Apache NAYANA used is run as a user of nobody(uid=99), which indicates that a local exploit may have also been used in the attack.”
Nayana are not the first, and certainly will not be the last, company to fall victim to ransomware hackers. The best advice is not to pay the ransom, but every incident has to be judged case by case. In Nayana’s case they simply didn’t defend themselves properly, which is especially serious for a web hosting company with over 3,000 clients.
We wait with bated breath to see whether the hackers do indeed give back Nayana’s data, and whether Nayana can avoid being compromised again.
IntelliTeK is a managed IT services company in Sydney, Australia. With major vendor relationships and accreditations including WatchGuard, Microsoft, Trend Micro and Amazon Web Services, IntelliTeK have kept clients happy since 2007.