South Korean hosting co. pays $1m ransom to end eight-day outage

A South Korean web hosting company is forking out just over US$1 million to ransomware scum after suffering more than eight days of nightmare. Nayana first announced the attack on June 10, saying customer video files and its database had been encrypted, and promising to work to recover the data. More than 150 servers were hit …

Anonymous Coward

Dear customers...

Due to an increase in [ahem] operating costs, our plans will be increasing in price by...

10
0
Anonymous Coward

Hate to say it but it's not going to end well.

2
0
Bronze badge

Who in his right mind will use them again anyway?

6
0

They will have to prove compliance, fire and replace a few lazy sysadmins and lay out a pile of money on new gear. To win back or retain customers, they will probably offer a more secure and better supported environment, so it might be okay to go there again if they show lessons were learned and the experience has made them tougher. Just saying... I run my own hosting service, update and replace operating systems every year or two, back up offsite constantly, manage as-built documentation... all the stuff I learnt from not doing that stuff. I could still get hit for sure with some malware, but I can just rebuild elsewhere in under a day.

1
0
Devil

Strange, every web host has a 'force majeure' (it's not our fault / pixies ate the backups) clause in the hosting contract for just this sort of contingency. So one has to wonder where the pressure is coming from to pay up.

2
0
Silver badge
Black Helicopters

Wonder if they are hosting some government data?

1
0
Silver badge

They may well have that clause, but the customer has a much more powerful one.

FU I'm out of here.

2
0

Legacy me hoop...

Mainframes are legacy. This is modern shite on the cheap (no backups, no DR, no patching, no upgrades).

4
0
Anonymous Coward

Re: Legacy me hoop...

Probably had backup solutions which were incorrectly configured, never tested and never verified.

There's a complacency in seeing green ticks on the screen, but if you never check the data is on the backup drives/tapes and check you can restore it successfully, you've not really covered the basic requirement to back up.

2
0
LDS
Silver badge
Joke

Re: Legacy me hoop...

They believed they were safe. They were using Linux and Apache, so they were told they weren't hackable. In fact, it's impossible. They didn't tell the truth, all those systems have to be Windows and IIS to have been so thoroughly p0wned. If you use Linux, no one will attack you and succeed, it's written on the internet.

0
0
Silver badge
Holmes

Re: Legacy me hoop...

Software that has not been patched in 11 years is vulnerable to attack ...

0
0
Silver badge

Ouch, that's gonna impact their bottom line, and beancountery types will not be happy.

1
0
Silver badge

Oh and.... they should feign difficulty in recovering some data, and ask the ne'er-do-wells to come and assist them, then once the ne'er-do-wells are in the DC, cuff them good and proper.

0
0
Bronze badge

I doubt they have an SLA, warranty or provide onsite support. If they do maybe they'd be better off hiring the scammers and binning their own staff.

1
0
Anonymous Coward

meanwhile, in North Korea

the glorious leader's got a couple of new toys. Every little helps.

1
0
Holmes

Does this come under.....

Funding criminal activity? Is the hosting company breaking international law by paying up?

0
0
Anonymous Coward

Blackmail

Is there a case for making it illegal for companies to pay off these ransomware blackmailers? If it becomes very unlikely that the victim will pay up, then the business model of the blackmailers disappears.

You could argue that while it may be financially rational for a particular business to pay off a blackmailer, in doing so they're making things worse for everyone else by encouraging and funding the criminals. Hence a justification for outlawing the practice.

4
0
Anonymous Coward

Re: Blackmail

In that case everything will be done under the table.

Compliance reporting will go down the drain, exposure of the events will never happen.

Blame what has happened on the:

- UPS

- solar flares

- the flux capacitor

- wrong metal in the cables

Plus imagine if not paying up results in patients dying due to lack of pharmacological information/etc.

Too easy to just say 'outlaw the practice'.

Instead put fines and custodial sentences on the top management of companies which had been had due to negligence.

Suddenly there will be money to recruit/buy competent sysadmins/IPS/vulnerability scans/etc/ad nauseam.

0
1
Anonymous Coward

Re: Blackmail

I think it's already the case that exposure doesn't happen. Companies are being blackmailed by attackers all the time, and an admission like Nayana's is an extreme rarity.

Enforcement would be challenging, certainly. But dealing with these sorts of attacks involves a lot of people in a company, including techies at the coal face who aren't paid enough to commit a crime for their employer.

There are all sorts of laws on data protection and other forms of compliance that companies can theoretically evade by everyone keeping their mouth shut, but that doesn't necessarily make such laws ineffective.

0
1
Silver badge

What happens if the ransomers fail to release the keys after they have paid up $1m? You can't put in a complaint.

People who extort money from you can hardly be trusted on their word.

0
0
Silver badge

Let's face it, they can probably decrypt the lot and come back in a couple of weeks' time to find the systems *still* vulnerable to being screwed over again.

Lord, praise the profits!

0
0
Bronze badge

The TrendMicro article makes a really stupid mistake: "Apache vulnerabilities and PHP exploits are well-known; in fact, there was even a tool sold in the Chinese underground expressly for exploiting Apache Struts."

The Apache web server, which is what they run, is not related to Apache Struts in any way except for both being part of the Apache Software Foundation.

0
0
Anonymous Coward

"small business" video files

Almost sounds like the South Korean pR0n industry was nearly brought to its knees. Figuratively - not literally.

0
0


Biting the hand that feeds IT © 1998–2017