Bleeping Computer reports: South Korean Web Hosting Provider Pays $1 Million in Ransomware Demand [bleepingcomputer.com]
Nayana, a web hosting provider based in South Korea, announced it is in the process of paying a three-tier ransom demand of nearly $1 million worth of Bitcoin, following a ransomware infection that encrypted data on customers' servers.
The ransomware infection appears to have taken place on June 10, but Nayana admitted to the incident two days later, in a statement [nayana.com][1] on its website.
A Trend Micro analysis of the Nayana systems reveals endemic problems. It is no surprise that the hosting provider fell victim to this infection.
NAYANA's website runs on Linux kernel 2.6.24.2, which was compiled back in 2008. [...] Additionally, NAYANA's website uses Apache version 1.3.36 and PHP version 5.1.4, both of which were released back in 2006. Apache vulnerabilities and PHP exploits are well-known;[...]. The version of Apache NAYANA used is run as a user of nobody(uid=99), which indicates that a local exploit may have also been used in the attack.
[1] 404
El Reg says:
South Korean hosting co. pays $1M ransom to end eight-day outage [theregister.co.uk]
More than 150 servers were hit, hosting the sites of more than 3,400 mostly small business customers.
After a lengthy negotiation with the hackers, a demand for Bitcoin worth 5 billion won (nearly $4.4 million) was trimmed to around $1 million (397.6 Bitcoin), and the company paid up. The ransom was demanded in three [installments]; so far, two have been made.