Wednesday, June 21st 2017

South Korean Company Nayana to Pay $1 million in Bitcoin After Ransomware Attack

Ransomware has been seeing an increasing amount of interest in the tech world, motivated not only by the increase in number and severity of attacks, but also by the fact that some companies do elect to pay the demands. In this case, Nayana, a South Korean web hosting provider, announced it is in the process of paying a three-tier ransom demand of nearly $1 million worth of Bitcoin. This decision follows a ransomware infection that encrypted data on customers' servers. The company said 153 Linux servers were affected, servers which stored the information of more than 3,400 customers.

The attackers initially asked for a ransom payment of 550 Bitcoin, which was worth nearly $1.62 million at the time of the request. After negotiating, the final amount came to 397.6 Bitcoin, which amounted to roughly $1 million at the time (Bitcoin is currently at $2744.56, so right now, those 397.6 Bitcoin are worth roughly $1.1 million). The company has already paid two of the three payment tranches, and expects the decryption operation to take up to ten days due to the vast amount of encrypted data. If the data is liberated at all, that is, which can't really be counted upon, now can it?

This is just another case of Bitcoin being used as a payment method for this kind of ransom. Cryptocurrencies are much harder to track than usual fiat currencies, take up a lot less space, and are increasing in value at an astounding pace (having recently reached a total market cap of $100 billion). The attack was carried out with the Erebus ransomware, and the ransom note stated that all files would be deleted in 96 hours should the ransom not be paid.

A TrendMicro report puts the blame on Nayana's security practices and software infrastructure, since "NAYANA's website runs on Linux kernel 2.6.24.2, which was compiled back in 2008. [...] Additionally, NAYANA's website uses Apache version 1.3.36 and PHP version 5.1.4, both of which were released back in 2006. Apache vulnerabilities and PHP exploits are well-known;[...]. The version of Apache NAYANA used is run as a user of nobody(uid=99), which indicates that a local exploit may have also been used in the attack." You should go on and read the report (in sources), since it does provide an interesting read that sheds some light on what exactly happened here.
Sources: Nayana, Bleeping Computer, ETeknix, TrendMicro

19 Comments on South Korean Company Nayana to Pay $1 million in Bitcoin After Ransomware Attack

#1
Totally
I have nothing to say except LOL.
#2
5DVX0130
Money laundering and paying ransom. Pretty much what cryptocurrencies exist for.
#3
Prince Valiant
I guess they didn't have hard copies if they're paying the ransom.
#4
TheGuruStud
5DVX0130: Money laundering and paying ransom. Pretty much what cash exists for.
FTFY. Goof ball. No reason to have SSL or VPNs, either. Clearly, it's all for nefarious purposes. Might as well kill P2P protocols. The damn pirates are literally the only ones using it.

Highly ironic claim of yours
amp.theguardian.com/world/2011/apr/03/us-bank-mexico-drug-gangs
And they're not the only ones. They just got caught.
#5
kn00tcn
5DVX0130: Money laundering and paying ransom. Pretty much what cryptocurrencies exist for.
pretty much what the concepts of money/wealth/greed are for...
#6
fullinfusion
Vanguard Beta Tester
Lol sux for them I guess..and another reason to drive the nail into the mining coffin and straight out ban it.
#7
0x4452
I wonder if the Ethereum contracts allow the money to be returned if the files are not decrypted?
#8
natr0n
These people who make the ransomware have no conscience. They don't realize they will face judgment one day.
#9
TheGuruStud
natr0n: These people who make the ransomware have no conscience. They don't realize they will face judgment one day.
That's a myth perpetuated by the criminal elite (and the ignorant) to "turn the cheek."
What better way to gain more power than to have people believe there is justice at some point, so they take no action. It's easy to see why it goes hand in hand with the largest myth of all time.
#10
Prima.Vera
:laugh::laugh::laugh::laugh::laugh::laugh::laugh::laugh::laugh::laugh::laugh::laugh::laugh:
:banghead:
#11
natr0n
TheGuruStud: That's a myth perpetuated by the criminal elite (and the ignorant) to "turn the cheek."
What better way to gain more power than to have people believe there is justice at some point, so they take no action. It's easy to see why it goes hand in hand with the largest myth of all time.
Atheism is a religion. ;)
#12
johnspack
Here For Good!
Jeez, it's working on linux servers? The ones that host 90% of the web? That's nice.....
#13
Prince Valiant
johnspack: Jeez, it's working on linux servers? The ones that host 90% of the web? That's nice.....
As per the report:
A TrendMicro report puts the blame on Nayana's security practices and software infrastructure, since "NAYANA's website runs on Linux kernel 2.6.24.2, which was compiled back in 2008. [...] Additionally, NAYANA's website uses Apache version 1.3.36 and PHP version 5.1.4, both of which were released back in 2006.
I don't imagine it's a widespread issue. I don't care for the constant front-end/UI changes of websites but using an over decade old back-end is just :S.
#14
xenocide
Ransomware is hitting a lot of big name companies hard. My employer just got smacked with it at a few sites, and the exact one we got hit with also affected Toyota, Nissan, Honda, the Chinese and Indian Governments, and about 2 dozen other places. Those are just the ones that have come forward and admitted it, I imagine the list of companies that have dealt with it is wayyyyyy longer than that.

EDIT: Estimates are 200,000 systems across 150 countries, and that was as of May 15. I know we saw ~20 systems at the site I work at, and this was 2 days ago.
#15
R-T-B
5DVX0130: Money laundering and paying ransom. Pretty much what cryptocurrencies exist for.
Much more transactions happen legitimately every day.

As for money laundering, pretty sure the USD is still the tool of choice.
#16
Totally
R-T-B: Much more transactions happen legitimately every day.

As for money laundering, pretty sure the USD is still the tool of choice.
Figured it would be unappealing due to the need to get personal due to its nature, compared to digital currency where it "miles of wire" between the perpetrator and the crime.
#17
R-T-B
Totally: Figured it would be unappealing due to the need to get personal due to its nature, compared to digital currency where it "miles of wire" between the perpetrator and the crime.
So your issue is with the "currency over the internet" bit?

You do realize there are irreversible types of wire transfers right?
#18
Totally
R-T-B: So your issue is with the "currency over the internet" bit?

You do realize there are irreversible types of wire transfers right?
I am aware but the veil of anonymity doesn't hold up if certain entities come looking. The Achilles heel of cash laundering was getting caught in the act usu. the only way to prove it in most cases, currency over the net is the best of both worlds.
#19
R-T-B
Totally: I am aware but the veil of anonymity doesn't hold up if certain entities come looking. The Achilles heel of cash laundering was getting caught in the act usu. the only way to prove it in most cases, currency over the net is the best of both worlds.
International banking law is almost as convoluted and unreliable as the bitcoin blockchain is for tracking individuals, frankly.