
Web host agrees to pay $1m after it’s hit by Linux-targeting ransomware

A Web-hosting service recently agreed to pay $1 million to a ransomware operation that encrypted data stored on 153 Linux servers and 3,400 customer websites, the company said recently.

 

As for how this Linux ransomware arrives, we can only infer that Erebus may have possibly leveraged vulnerabilities or a local Linux exploit. For instance, based on open-source intelligence, NAYANA’s website runs on Linux kernel 2.6.24.2, which was compiled back in 2008. Security flaws like DIRTY COW that can provide attackers root access to vulnerable Linux systems are just some of the threats it may have been exposed to.

Additionally, NAYANA’s website uses Apache version 1.3.36 and PHP version 5.1.4, both of which were released back in 2006. Apache vulnerabilities and PHP exploits are well-known; in fact, there was even a tool sold in the Chinese underground expressly for exploiting Apache Struts. The version of Apache NAYANA used is run as the user nobody (uid=99), which indicates that a local exploit may have also been used in the attack.

 

This should serve as a reminder that you need to patch all your servers, not just your Windows ones. Remember, if you don't patch it, you don't own it.

 

Source: https://arstechnica.com/security/2017/06/web-host-agrees-to-pay-1m-after-its-hit-by-linux-targeting-ransomware/
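The post's evidence is three version banners (a 2.6.24.2 kernel, Apache 1.3.36, PHP 5.1.4) that are years behind any supported series. The script below is an added example, not code from the post, the Ars Technica article or the Trend Micro analysis it draws on: it parses the banners that `uname -r`, `httpd -v` / the HTTP `Server` header and `php -v` print, compares each against a minimum-version baseline, and lists what falls below it. The `BASELINE` values are an illustrative policy I chose for the example, not an authoritative end-of-life table, and both sample hosts are constructed; the first simply reuses the versions the post cites.

```python
"""Version-baseline audit for the components named in the post.

Added example: parse version banners, compare them component-wise against a
minimum baseline and report what is below it. BASELINE is an illustrative
assumption, not an authoritative end-of-life table.
"""
import re
from typing import Dict, List, Optional, Tuple

# Illustrative baseline (assumption): lowest version series this policy accepts.
BASELINE: Dict[str, str] = {
    "kernel": "4.4",
    "apache": "2.4",
    "php": "5.6",
}

# Banner formats the three tools print; the capture group is the version number.
_PATTERNS = {
    "kernel": re.compile(r"^(\d+(?:\.\d+)+)"),        # uname -r: 4.15.0-112-generic
    "apache": re.compile(r"Apache/(\d+(?:\.\d+)+)"),  # httpd -v or an HTTP Server header
    "php": re.compile(r"^PHP (\d+(?:\.\d+)+)"),       # php -v
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.6.24.2' into (2, 6, 24, 2); suffixes such as '-generic' are dropped."""
    m = re.match(r"(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def version_below(found: str, minimum: str) -> bool:
    """True when found < minimum, compared component by component.

    Missing trailing components count as zero, so '2.4' equals '2.4.0' and
    a naive string comparison ('1.3.36' > '1.3.4') cannot mislead the audit.
    """
    a, b = parse_version(found), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def extract_version(component: str, banner: str) -> Optional[str]:
    """Pull the version number out of a component's banner, or None if absent."""
    m = _PATTERNS[component].search(banner)
    return m.group(1) if m else None


def audit(banners: Dict[str, str], baseline: Dict[str, str] = BASELINE) -> List[Tuple[str, str, str]]:
    """Return (component, found, minimum) for every component below the baseline.

    A banner the parser cannot read is reported as 'unparsed' rather than
    silently passed, so a changed banner format cannot hide an old version.
    """
    findings: List[Tuple[str, str, str]] = []
    for component, minimum in baseline.items():
        banner = banners.get(component)
        if banner is None:
            continue  # component not installed or not collected on this host
        found = extract_version(component, banner)
        if found is None:
            findings.append((component, "unparsed", minimum))
        elif version_below(found, minimum):
            findings.append((component, found, minimum))
    return findings


# Constructed sample banners. The first host reuses the versions the post cites;
# the build dates and second host are made up for the example.
POST_LIKE_HOST = {
    "kernel": "2.6.24.2",
    "apache": "Server version: Apache/1.3.36 (Unix)",
    "php": "PHP 5.1.4 (cli) (built: Jun  1 2006 10:15:33)",
}
PATCHED_HOST = {
    "kernel": "4.15.0-112-generic",
    "apache": "Server: Apache/2.4.41 (Ubuntu)",
    "php": "PHP 7.4.3 (cli) (built: Jul  5 2021 15:13:35) ( NTS )",
}

if __name__ == "__main__":
    for name, host in (("post-like host", POST_LIKE_HOST), ("patched host", PATCHED_HOST)):
        findings = audit(host)
        print(f"{name}: {len(findings)} component(s) below baseline")
        for component, found, minimum in findings:
            print(f"  {component}: {found} < {minimum}")
```

On a real fleet the banners would come from the hosts themselves (or, as the article's analysts did, from whatever a server advertises publicly), and the baseline would be driven by each vendor's current support table rather than the fixed values used here.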


I thought that you weren't supposed to pay the ransom?

 


I'm sure this is a repost?

 

I could have sworn I saw something yesterday that was posted about already ...



2 minutes ago, Shreyas1 said:

I thought that you weren't supposed to pay the ransom?

You're not.  It gives these people money so they can afford to keep doing this to more people, and shows them that it's a viable business.

Not to mention there's no guarantee they'll even do what they promised, or that they won't reinfect you in the future.

8 minutes ago, NZLaurence said:

[...]NAYANA’s website runs on Linux kernel 2.6.24.2,[...]

[image: "Well, there's your problem"]


14 minutes ago, SansVarnic said:

I'm sure this is a repost?

 

I could have sworn I saw something yesterday that was posted about already ...

I thought so too, but I could not find it on here, hence the post.

 

Also I will have to correct the formatting as mobile fail.


Quote: "Company negotiators later managed to get the fee lowered"

This is funny for 3 reasons.

 

You have money for negotiators but not to install free and easily applied patches.

 

What the fuck is their job?  "I've got a buddy that works in ransomware, let me have him come down and give a fair price".  "best I can do is $1M".

 

Does this happen often enough that they need to keep them on staff?


1 hour ago, Ryan_Vickers said:

You're not.  It gives these people money so they can afford to keep doing this to more people, and shows them that it's a viable business.

Not to mention there's no guarantee they'll even do what they promised, or that they won't reinfect you in the future.

[image: "Well, there's your problem"]

If ransomware comes after the fact, and backups are not made, there isn't much option for a company aside from paying the ransom. If the data is worth substantially more than the ransom (lack of backups aside), then a company probably will pay the ransom for that chance (however remote) of getting the data back vs not paying and having virtually zero chance.

 

Not defending any company here, as lack of backups for valuable data is not excusable, but this appears to be a fairly common occurrence.


BBBBBB-B-B-B-BUT LINUX IS INVINCIBLE AND PERFECT AND HAS NO FLAWS!!!!! THIS IS MADE UP!

 

FAKE NEWS. SAD.


2 hours ago, NZLaurence said:

Remember, if you don't patch it, you don't own it.

 

 

Innuendo?


It's pretty common today for companies to do this.  Especially if they aren't making enough profit, which in turn means they can't afford to have good system administrators to update all the machines. 

 

Companies should realize it is critical to invest in simple security measures like patching servers and software.  You could also blame the administrators as well, or even management, if an administrator went to them suggesting they patch the servers. 

 

I think it's more common than we think for IT staff to suggest improvements and get turned down, or management want them to make do with what they currently have, effectively making it inevitable there will be a disaster. I don't know about you, but I used to watch some of those airplane disaster shows, and most of the time there was a mechanical failure it was because the company decided to keep a breaking aircraft and repair it constantly until it finally gives and breaks.

 

That is probably what happened here.  The stuffy, greedy executives wanted to keep insecure servers and make profits.  Even worse, they were forced to pay, so maybe the company DIDN'T have off-site backups?! Which is quite an alarming thought, you would think they would have off-site backups regardless of security.  

 

At least they are keeping security-people in demand.


It's also possible that they had someone on staff who set it all up and then moved on to a new job. Management don't want to replace them with someone as good (expensive). The other staff go into a holding pattern, because 'it works right'.

 

I have seen that happen more than once, even with medium-sized companies. Often the original guy was much better than their pay and left for much more money, and they just weren't willing to pay what they should.


I wonder what the staff turnover is like. Some executives treat system and network engineers as a nuisance. When a new CEO arrives, the common theme is budget cuts to maximize shareholder return. This way the CEO gets a fat bonus and shareholders are happy. It's not the hard workers who survive a budget cut, it's the long-serving ones with big pay cheques.


Imagine how much backup 1m could have bought. Prob a hell of a lot cheaper than paying these losers.

 

 


9 hours ago, NZLaurence said:

This should serve as a reminder that you need to patch all your servers, not just your Windows ones. Remember, if you don't patch it, you don't own it.

Are they able to get a decryption key to recover their files? 


50 minutes ago, Nertsy said:

Unfortunately, stories like this one will become more commonplace. Companies don't see the point of investing in proper backups (read: offline backups!). As long as it runs, the cheapest solution is usually the one that goes. 

 

Also, real DBAs and System Admins are expensive. 

Go to /r/talesfromtechsupport, sometimes a story like this appears.

Honestly, CEOs or whatever should read some of them; maybe that will make them realise this is important...

 

Or just keep ignoring it until it all goes to sh*t.

 

Last story I read was about a company that had basically zero protection for people entering the server room. The CEO didn't care; a few months later multiple millions' worth of gear got stolen and the room was almost completely empty... Suddenly the room was behind a bunch of protection, wonder why....

 

If there's one thing I learned, it's that it doesn't matter how much you earn nor what your position is, stupid people are everywhere.

7 hours ago, 2Buck said:

BBBBBB-B-B-B-BUT LINUX IS INVINCIBLE AND PERFECT AND HAS NO FLAWS!!!!! THIS IS MADE UP!

I don't think anyone has ever said that a GNU/Linux distro which hasn't been patched for 9 years, running software which hasn't been patched in 11 years will be impenetrable. 


7 hours ago, 2Buck said:

BBBBBB-B-B-B-BUT LINUX IS INVINCIBLE AND PERFECT AND HAS NO FLAWS!!!!! THIS IS MADE UP!

Nobody is saying that. This is like saying that people who say Windows 10 is the most secure OS yet are also saying that Windows Vista is the most secure OS yet; apples and oranges.

5 hours ago, tlink said:

Nobody is saying that. This is like saying that people who say Windows 10 is the most secure OS yet are also saying that Windows Vista is the most secure OS yet; apples and oranges.

 

5 hours ago, LAwLz said:

I don't think anyone has ever said that a GNU/Linux distro which hasn't been patched for 9 years, running software which hasn't been patched in 11 years will be impenetrable. 

 

You'd both be surprised at what I've seen people say. You may not have seen someone say that, but I have. More than once. I mean, is it that hard to believe? The internet is full of stupidity.


153 servers with 3400 customers and not a single fucking backup. Their IT staff should be fired to be honest.


On 2017. 06. 21. at 3:00 AM, 2Buck said:

BBBBBB-B-B-B-BUT LINUX IS INVINCIBLE AND PERFECT AND HAS NO FLAWS!!!!! THIS IS MADE UP!

 

FAKE NEWS. SAD.

Linux can be insecure too, you know, if, like in this case, the company is dumb as hell. That kernel is ancient (and the software running on it as well, I think). Try this with an up-to-date and properly configured Linux distro with SELinux enabled... 9_9

On 6/21/2017 at 4:49 PM, Mooshi said:

Imagine how much backup 1m could have bought. Prob a hell of a lot cheaper than paying these losers.

About 400TB of Commvault capacity license which will cost you $200k per year in maintenance/support, excluding required hardware


Paying a ransom makes you a more likely target in the future, they'll do it again knowing you'll pay up.


7 hours ago, sof006 said:

Paying a ransom makes you a more likely target in the future, they'll do it again knowing you'll pay up.

Also makes you look like a total fool to anyone "in the know".  No self-respecting tech-savvy person would be a customer there by choice in the future now.
