
Ransomware of $1 Million Crushes Company

by Matthew Rosenquist on 06-23-2017 at 12:00 pm

 A South Korean web hosting company struggles for survival after agreeing to pay a ransomware extortion of $1 million to hackers.

New Record for Ransomware
Nayana, the South Korean web hosting firm, suffered a ransomware attack that resulted in 153 infected Linux servers. The data encrypted by the malware affected approximately 3500 small business clients. The ransomware targeted files, databases, and video. The compromise shuttered the hosting firm’s services.

The attackers demanded a colossal recovery fee of over $4 million. Negotiations brought that figure down to $1 million, to be paid in several installments. This is a new record payout for ransomware victims. Sadly, it will give cybercriminals even greater motivation to press forward with more brazen attacks.

Failure to Manage Cyber Risks
Ransomware is a well-known problem and one that continues to grow in popularity with cyber-criminals. The malware that infected Nayana was a variant of the Erebus ransomware, specifically designed for Linux. Nayana was behind on proper updates and patching, running vulnerable systems using an outdated Linux kernel compiled in 2008.

Once Erebus was able to gain a foothold, its sophisticated encryption methods began undermining the integrity of files and making them unusable by their owners. Erebus uses the RSA algorithm to encrypt unique AES keys that lock each file. Decryption is very difficult, likely impossible with current methods, without the RSA private keys held by the attackers to unlock the files. This variant of ransomware can target over 400 different file types, including Microsoft Office documents, databases, and multimedia files, but it is most adept at encrypting web server data.

Many organizations believe that Linux is more secure than Windows, which creates a false sense of security. Potential victims can be lulled into complacency about patches, updates, backups, monitoring, response planning, and security staffing. Only when their delicate house of cards comes crashing down does the thought of better security seem like a prudent idea.

In reality, neither Linux nor Windows is impervious to ransomware. Diligence and attention are required to maintain a proper security posture.

A Company Crushed
This may be the end of Nayana. The web hosting company is at the mercy of the ransomware hackers. Since June 10th, the company has been struggling to find ways to resolve the issue and ultimately decided to negotiate with the attackers. In a posting to customers, Nayana reported the incident and attempts to restore data. In a second post on June 14th, the CEO discussed the frustration and challenges of the issue. He even posted communications to the hackers, stating he expects his business will not recover.

The first installments of the ransom have reportedly been paid. File decryption and validation have begun, but it remains to be seen if customers will stay with Nayana or leave for other service providers.

Who is Next?
Every company reliant on digital services must take cyber and ransomware risks seriously. This level of digital extortion is a new record for ransomware, resulting in a new victim destroyed. It raises the bar, but will soon become the norm.

The trend is unmistakable. Cyber criminals are becoming more technologically savvy and bolder in the targets and demands they make. Driven by greed, they are recognizing the huge potential heists available in the cyber landscape. Robbing banks, casinos, and armored cars at gunpoint seems antiquated and too risky compared to the safety and anonymity of the Internet. The new digital frontier holds much greater promise with far fewer challenges. Cyber-attacks will only get worse.

Those who protect themselves with vigor and professional security will rise above the pool of easy victims that criminals will target first. Every organization has a choice. Managing cyber risks is a real challenge, but one that should not be ignored. Investments in security must be commensurate with the value of what is being protected.

This incident must be a wake-up call and lesson to other companies. Those organizations that take cybersecurity for granted may be the next fatality.

Interested in more? Follow me on LinkedIn, Twitter (@Matt_Rosenquist), Information Security Strategy, and Steemit to hear insights and what is going on in cybersecurity.
