South Korean hosting co. pays $1m ransom to end eight-day outage

A South Korean web hosting company is forking out just over US$1 million to ransomware scum after suffering more than eight days of nightmare. Nayana first announced the attack on June 10, saying customer video files and its database had been encrypted, and promising to work to recover the data. More than 150 servers were hit …

  1. Anonymous Coward

    Dear customers...

    Due to an increase in [ahem] operating costs, our plans will be increasing in price by...

  2. Anonymous Coward

    Hate to say it but it's not going to end well.

  3. herman

    Who in his right mind will use them again anyway?

    1. GundarHarl

      They will have to prove compliance, fire and replace a few lazy sysadmins and lay out a pile of money on new gear. To win back or retain customers, they will probably offer a more secure and better supported environment, so it might be okay to go there again if they show lessons were learned and the experience has made them tougher. Just saying... I run my own hosting service, update and replace operating systems every year or two, back up offsite constantly, manage as-built documentation... all the stuff I learnt from not doing that stuff. I could still get hit for sure with some malware, but I can just rebuild elsewhere in under a day.

  4. Black Rat
    Devil

    Strange, every web host has a 'force majeure' (it's not our fault / pixies ate the backups) clause in the hosting contract for just this sort of contingency. So one has to wonder where the pressure is coming from to pay up.

    1. 2460 Something
      Black Helicopters

      Wonder if they are hosting some government data?

    2. Anonymous Coward

      They may well have that clause, but the customer has a much more powerful one.

      FU I'm out of here.

  5. yoganmahew

    Legacy me hoop...

    Mainframes are legacy. This is modern shite on the cheap (no backups, no DR, no patching, no upgrades).

    1. Anonymous Coward

      Re: Legacy me hoop...

      Probably had backup solutions which were incorrectly configured, never tested and never verified.

      There's a complacency in seeing green ticks on the screen, but if you never check the data is on the backup drives/tapes and check you can restore it successfully, you've not really covered the basic requirement to back up.

    2. Anonymous Coward
      Joke

      Re: Legacy me hoop...

      They believed they were safe. They were using Linux and Apache, so they were told they weren't hackable. In fact, it's impossible. They didn't tell the truth, all those systems have to be Windows and IIS to have been so thoroughly p0wned. If you use Linux, no one will attack you and succeed, it's written on the internet.

      1. Hans 1
        Holmes

        Re: Legacy me hoop...

        Software that has not been patched in 11 years is vulnerable to attack ...

  6. Anonymous South African Coward Bronze badge

    Ouch, that's gonna impact their bottom line, and beancountery types will not be happy.

  7. Anonymous South African Coward Bronze badge

    Oh and.... they should feign difficulty in recovering some data, and ask the ne'er-do-wells to come and assist them, then once the ne'er-do-wells are in the DC, cuff them good and proper.

    1. Blotto Silver badge

      I doubt they have an SLA, warranty or provide onsite support. If they do maybe they'd be better off hiring the scammers and binning their own staff.

  8. Anonymous Coward

    meanwhile, in North Korea

    the glorious leader's got a couple of new toys. Every little helps.

  9. Fading
    Holmes

    Does this come under.....

    Funding criminal activity? Is the hosting company breaking international law by paying up?

  10. Anonymous Coward

    Blackmail

    Is there a case for making it illegal for companies to pay off these ransomware blackmailers? If it becomes very unlikely that the victim will pay up, then the business model of the blackmailers disappears.

    You could argue that while it may be financially rational for a particular business to pay off a blackmailer, in doing so they're making things worse for everyone else by encouraging and funding the criminals. Hence a justification for outlawing the practice.

    1. Anonymous Coward

      Re: Blackmail

      In that case everything will be done under the table.

      Compliance reporting will go down the drain, exposure of the events will never happen.

      Blame what has happened on the:

      - UPS

      - solar flares

      - the flux capacitor

      - wrong metal in the cables

      Plus imagine if not paying up results in patients dying due to lack of pharmacological information/etc.

      Too easy to just say 'outlaw the practice'.

      Instead put fines and custodial sentences on the top management of companies which had been had due to negligence.

      Suddenly there will be money to recruit/buy competent sysadmins/IPS/vulnerability scans/etc/ad nauseam.

      1. Anonymous Coward

        Re: Blackmail

        I think it's already the case that exposure doesn't happen. Companies are being blackmailed by attackers all the time, and an admission like Nayana's is an extreme rarity.

        Enforcement would be challenging, certainly. But dealing with these sorts of attacks involves a lot of people in a company, including techies at the coal face who aren't paid enough to commit a crime for their employer.

        There are all sorts of laws on data protection and other forms of compliance that companies can theoretically evade by everyone keeping their mouth shut, but that doesn't necessarily make such laws ineffective.

  11. mark l 2 Silver badge

    What happens if the ransomers fail to release the keys after they have paid up $1m? You can't put in a complaint.

    People who extort money from you can hardly be trusted on their word.

    1. Paul Crawford Silver badge

      Let's face it, they can probably decrypt the lot and come back in a couple of weeks' time to find the systems *still* vulnerable to being screwed over again.

      Lord, praise the profits!

  12. patrickstar

    The TrendMicro article makes a really stupid mistake: "Apache vulnerabilities and PHP exploits are well-known; in fact, there was even a tool sold in the Chinese underground expressly for exploiting Apache Struts."

    The Apache web server, which is what they run, is not related to Apache Struts in any way except for both being part of the Apache Software Foundation.

  13. Anonymous Coward

    "small business" video files

    Almost sounds like the South Korean pR0n industry was nearly brought to its knees. Figuratively - not literally.
