Korean webhosting company pays $1 million to recover files from ransomware attack


#1

Originally published at: http://www.myce.com/news/korean-webhosting-company-pays-1-million-recover-files-ransomware-attack-82163/

The Korean hosting company Nayana has decided to pay a ransom of $1 million after being infected by the Erebus ransomware, that targets Linux servers. The malware encrypted 153 servers and 3,400 business websites, according to Japanese antivirus vendor Trend Micro.


#2

That’s horrendous!

All this does is encourage more of this type of crime as other cybercriminals will be hoping to hit the same jackpot. :angry:


#3

Fully agree @Wombler

This kind of blackmailing only works because people are willing to pay ransom instead of spending money on backing up data :angry:


#4

Its strange that they did not have any backup, I know that all major businesses keep somekind of daily backup, just in case something goes wrong,
I can imagine an webhost now having backups. What can I say, if I had any of their services, i would be looking elsewhere, they dont built a lot of confidence.


#5

The problem is the copies held in the backups are encrypted as well so if the ransomware waits a very long time before announcing its presence then potentially all the early enough backups have been overwritten.


#6

When i was in the army, I was one of the persons responsible for a backup, we used to backup everything on tape, and we did make a daily backups, so we had the option to go back as far as two weeks.
So I would assume that they should have some backup away form their main servers, just in case something like this happens, I guess I am wrong.


#7

@vroom
But if the ransomware was put on the server 3 months ago then you would still be out of luck, even using a 2 month old back up would restart the encryption process I believe .


#8

OK, but then it shows that whoever is responsible for security did not do a great job :stuck_out_tongue: