On June 10, 2017, the South Korean web hosting company Nayana was hit with a massive ransomware attack that took down more than 150 of its Linux hosting servers. The attack encrypted those servers, taking them out of Nayana’s control. The cyber criminals behind the attack held the servers for ransom, promising to release control of them once the ransom was paid.
What is a Ransomware Attack?
A ransomware attack is when cyber criminals take control of a particular company’s hosting servers by encrypting them so the hosting company can’t use them. Usually, an attack goes unnoticed for hours, even days, after it is unleashed. By the time it is finally noticed, the company is facing a screen telling it how to get its servers back, and the ransomware has already spread from the initial machine or server to multiple servers. After the attackers gain control, they demand a specified payment. When it is paid, the cyber criminals release control of the servers, giving them back to the web host. This crime is usually traceable, eventually. All money (credit cards or any electronic payments) leaves a trail, even if it’s a bumpy one that takes a lot of hard work and time to follow. However, the ransomware attackers in this situation decided to go with a less traceable, if not completely untraceable, route – bitcoin.
What is Bitcoin?
Bitcoin is a virtual cryptocurrency and payment system that has been around since 2009, when it was released as open-source software created by an unknown programmer or group of programmers known as Satoshi Nakamoto. It works much like any other currency, except that it uses computer power and is not moderated by a government. Bitcoin is simply run by the computers that are running the software. All transactions go directly from one account to another. No banks, no governments, no middleman, no transaction fees.
What Happened to Nayana?
Back to Nayana, the South Korean web hosting company that was hit with the devastating ransomware. According to Nayana, the attackers first demanded 550 bitcoins to free the servers. At the time, 550 bitcoins equaled approximately $1.62 million. Nayana said they negotiated the demand down to 397 bitcoins, which was approximately equivalent to $1 million at the time. The company paid the ransom in three separate payments.
The attackers gave Nayana decryption keys after receiving the payments. However, some servers were still having problems. All of Nayana’s employees were working around the clock to get their server data back. Nayana has admitted that security wasn’t a priority, which most likely made them a target for the attack. The web hosting company was working with data recovery firms to help extract the raw data from the servers.
This makes it the highest ransomware payment ever. Before this, the highest cost of one ransomware attack was just $28,730, a small amount in comparison. And before that, the average ransom paid to get a server back was approximately $294, according to CNET.
“The software was a variant of a prior virus that was designed to target Windows machines and encrypt user content to hold for Bitcoin ransom. The new variant targeted Linux web servers and likely exploited either known kernel vulnerabilities or unpatched vulnerabilities in the Apache web server software or the PHP engine,” says Dr. Matthew Hudnall, Deputy Director of the Center for Advanced Public Safety at The University of Alabama.
Since this hit the news, bitcoin ransom demands have become increasingly popular in ransomware attacks. Jerry Brito, a Fortune.com writer, reminds us not to blame Bitcoin for the actions of some cyber criminals. “There is a vibrant developer community that is using open blockchain networks like Bitcoin to build out the future of Internet infrastructure and fundamentally improve the way we transact online. To allow a few bad actors to tarnish this innovative technology would be a mistake.”
What do you think about this ransomware attack?