back to article VESK coughs up £18k in ransomware attack

Hosted desktop and cloud provider VESK is staggering back to its feet after paying 29 Bitcoins (£18,600) in a ransomware attack earlier this week. VESK became aware that one of its environments had been impacted by a ransomware virus on Monday (26 September) at 3am. This virus was a new strain of the Samas DR ransomware, …

  1. Steven Roper

    If I had my way

    The entire senior management of any organisation who paid a ransom to these bastards would be charged with financing organised crime, and would be looking at lengthy stretches at Her Majesty's leisure. There is a very good reason our authorities do not negotiate with terrorists, and why they do not pay ransoms for kidnapped expats.

    This lot even admitted they had backups. So why was it necessary to pay these vermin? Re-image your machines and replace the missing data, and swallow the cost as an object lesson in sound security procedures.

    1. MyffyW Silver badge

      Re: If I had my way

      I suspect the backup was less than impressive. I would not be happy as a customer knowing my supplier had paid the ransom - it just begs the question when the next snafu will be along.

  2. lansalot

    Unsafe computing practices, plus people with too much access = customers affected.

    Nice work indeed...

    Still, at least the ransomers know who to target in the future!

  3. Stuart Halliday

    As a humble domestic user who has a substantial amount of data backed up onto USB drives and which is freely available to my backup software on demand. I'd like to know how I can make my backup software give a username/password to gain access to the device and not any other process.

    Suggesting?

    1. Anonymous Coward
      Anonymous Coward

      Rather than USB, get a cheap NAS (or format your USBs with a permission based filing system) and then set permissions for the backup software to access it only. Don't run any other mappings to the drive, make sure the NAS Admin user is not accessible using the same tokens as any other current user of the system.

      If something happens to the Backup user you can always access directly from the NAS interface (although if just using for local backup do not allow an external connection to the NAS at all).

      You can also look at versioning as well so if the worst happens only the latest backup gets borked and you have older copies available.

      1. Anonymous Coward
        Anonymous Coward

        As above (upvoted Sir) and for that bit extra use that USB drive you have to back up any really important stuff from the NAS, belt and braces.

  4. Anonymous Coward
    Anonymous Coward

    A password won't make much difference, anything connected to the computer, hard drive, usb drive, network drive, dropbox drive etc could be targeted.

    Personally I have a small linux box with a USB drive with an external usb drive which connects to my windows machine using ftp (or something similar can't quite remember how I id it now) and downloads the lastest backup (created by storagecraft shadow protect - a monthly full image and an incremental every 4 hours) using a simple perl script. It also copies backups from linux boxes in a similar manner.

    If my windows machine gets encrypted I would hope to lose no more than 4 hours data from the point of infection.

    My most important data also gets copied to DVD once per month, one copy at the office, one at home.

  5. This post has been deleted by its author

  6. drsolly

    "Because this was a new strain, VESKs antivirus provider Sophos had not yet been updated to detect it - something other antivirus providers were also yet to do."

    Antivirus was great against viruses. But that's not the threat now. The threat is malware sent by email, or in malvertising. If you take one of the malware-carrying emails (I get hundreds each week) and show it to virustotal.com, then typically the malware might be detected by 10% of products.

    You should not rely on antivirus to protect you from non-virus types of malware.

  7. This post has been deleted by its author

  8. Anonymous Coward
    Anonymous Coward

    Vesk are not having a great time. Surprised the article didn't reference the complete screw up of their data centres that el Reg had reported on a few weeks ago.

    http://www.channelregister.co.uk/2016/09/05/vesk_removes_100_uptime_claim_after_outage/

  9. Vince

    I'm finding it hard to believe that they did have good backups frankly. If you did, why would you give a toss about paying the ransom?

    Still on the other hand, I think I might try and get on the VESK supplier list, reckon I could sell them the same stuff twice with ease.

  10. 2Fat2Bald

    Great. So encourage them, why don't you?

    Sounds to me like Vesk's backup plan was not all it should be.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020