posted by n1 on Friday June 23 2017, @05:43AM
from the dummies dept.

Bleeping Computer reports:

South Korean Web Hosting Provider Pays $1 Million in Ransomware Demand

Nayana, a web hosting provider based in South Korea, announced it is in the process of paying a three-tier ransom demand of nearly $1 million worth of Bitcoin, following a ransomware infection that encrypted data on customers' servers.

The ransomware infection appears to have taken place on June 10, but Nayana admitted to the incident two days later, in a statement[1] on its website.

A Trend Micro analysis of the Nayana systems reveals endemic problems. It is no surprise that the hosting provider fell victim to this infection.

NAYANA's website runs on Linux kernel 2.6.24.2, which was compiled back in 2008. [...] Additionally, NAYANA's website uses Apache version 1.3.36 and PHP version 5.1.4, both of which were released back in 2006. Apache vulnerabilities and PHP exploits are well-known;[...]. The version of Apache NAYANA used is run as a user of nobody(uid=99), which indicates that a local exploit may have also been used in the attack.

The Register reports:

South Korean hosting co. pays $1M ransom to end eight-day outage

More than 150 servers were hit, hosting the sites of more than 3,400 mostly small business customers.

After a lengthy negotiation with the hackers, a demand for Bitcoin worth 5 billion won (nearly $4.4 million) was trimmed to around $1 million (397.6 Bitcoin), and the company paid up. The ransom was demanded in three [installments]; so far, two have been made.


  • (Score: 2) by Arik on Friday June 23 2017, @08:31AM (4 children)

    Aaaand correct me if I'm wrong but the kernel doesn't appear to have been involved at all. Mention of it appears to be latest-greatest-idiot fearmongering.

    Apache was what was broken. An old version of Apache, yes, but additionally one without even security fixes. Running as ((nobody)).

    Cause, you know, it's so much easier to get it all working quickly that way.

    --
    If laughter is the best medicine, who are the best doctors?
  • (Score: 3, Interesting) by TheRaven on Friday June 23 2017, @08:56AM (3 children)

    In the described configuration, Apache shouldn't have had write access to anything interesting for ransomware to attack, so it would need a privilege escalation vulnerability. Fortunately, that kernel version has a nice selection to choose from.
    --
    sudo mod me up
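
Added example (not from the article, Trend Micro, or any commenter): a Python audit of the point in the comment above, listing which files under a docroot an unprivileged web-server account such as nobody (uid=99) could overwrite or replace without any privilege escalation. The function names, the sample tree and its modes are constructed for illustration.

```python
import os
import stat
import tempfile

def allowed(st, uid, gids, want):
    """Classic Unix permission check: the first matching class (owner, group,
    other) decides; `want` is a mask of r/w/x bits (0o4, 0o2, 0o1)."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return ((st.st_mode >> shift) & want) == want

def write_exposure(root, uid, gids=frozenset()):
    """Map each regular file under `root` to how the account could alter it:
    'writable' (mode bits allow it) or 'replaceable' (the parent directory
    allows unlink and re-create). ACLs, capabilities, read-only mounts and
    search permission on ancestor directories are not modelled, and uid 0
    bypasses these checks entirely."""
    exposed = {}
    for dirpath, _dirs, files in os.walk(root):
        d = os.lstat(dirpath)
        can_unlink = allowed(d, uid, gids, 0o3)  # write + search on the dir
        sticky = bool(d.st_mode & stat.S_ISVTX)
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            if allowed(st, uid, gids, 0o2):
                exposed[path] = "writable"
            elif can_unlink and (not sticky or uid in (st.st_uid, d.st_uid)):
                exposed[path] = "replaceable"
    return exposed

if __name__ == "__main__":
    # Constructed docroot; the modes are sample values, not NAYANA's layout.
    root = tempfile.mkdtemp()
    for rel, mode in (("index.php", 0o644), ("config.php", 0o666)):
        p = os.path.join(root, rel)
        open(p, "w").close()
        os.chmod(p, mode)
    up = os.path.join(root, "uploads")
    os.mkdir(up)
    open(os.path.join(up, "photo.jpg"), "w").close()
    os.chmod(os.path.join(up, "photo.jpg"), 0o644)
    os.chmod(up, 0o777)
    web_uid = os.getuid() + 1  # stand-in for a separate account such as nobody
    for path, how in sorted(write_exposure(root, web_uid).items()):
        print(how, os.path.relpath(path, root))
```

An empty result for the web-server uid means a compromise of that account alone cannot alter the content, which is the situation where an attacker would need a local privilege escalation.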
    • (Score: 1) by anubi on Friday June 23 2017, @10:33AM (2 children)

      I believe things like this are precisely the reasons we need a very *simple* public general OS that is just about as hard to phkup as a hand-calculator.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
      • (Score: 2) by TheRaven on Friday June 23 2017, @10:50AM

        That's easy, as long as you want its functionality to be about as complicated as a hand calculator.
        --
        sudo mod me up
      • (Score: 2, Disagree) by tibman on Friday June 23 2017, @01:31PM

        That might not be the OS you would use to serve the websites of 3,400 companies.

        --
        SN won't survive on lurkers alone. Write comments.