Korean webhosting company pays $1 million to recover files from ransomware attack

Originally published at: http://www.myce.com/news/korean-webhosting-company-pays-1-million-recover-files-ransomware-attack-82163/

The Korean hosting company Nayana has decided to pay a ransom of $1 million after being infected by the Erebus ransomware, that targets Linux servers. The malware encrypted 153 servers and 3,400 business websites, according to Japanese antivirus vendor Trend Micro.

That’s horrendous!

All this does is encourage more of this type of crime as other cybercriminals will be hoping to hit the same jackpot. :angry:

Fully agree @Wombler

This kind of blackmailing only works because people are willing to pay ransom instead of spending money on backing up data :angry:

Its strange that they did not have any backup, I know that all major businesses keep somekind of daily backup, just in case something goes wrong,
I can imagine an webhost now having backups. What can I say, if I had any of their services, i would be looking elsewhere, they dont built a lot of confidence.

The problem is the copies held in the backups are encrypted as well so if the ransomware waits a very long time before announcing its presence then potentially all the early enough backups have been overwritten.

When i was in the army, I was one of the persons responsible for a backup, we used to backup everything on tape, and we did make a daily backups, so we had the option to go back as far as two weeks.
So I would assume that they should have some backup away form their main servers, just in case something like this happens, I guess I am wrong.

@vroom
But if the ransomware was put on the server 3 months ago then you would still be out of luck, even using a 2 month old back up would restart the encryption process I believe .

OK, but then it shows that whoever is responsible for security did not do a great job :stuck_out_tongue: