
South Korean Company Nayana to Pay $1 million in Bitcoin After Ransomware Attack

Raevenlord

News Editor
Ransomware has been seeing an increasing amount of interest in the tech world, motivated not only by the increase in number and severity of attacks, but also by the fact that some companies do elect to pay the demands. In this case, Nayana, a South Korean web hosting provider, announced it is in the process of paying a three-tier ransom demand of nearly $1 million worth of Bitcoin. This decision comes following a ransomware infection that encrypted data on customers' servers. The company said 153 Linux servers were affected, servers which stored the information of more than 3,400 customers.

The attackers initially asked for a ransom payment of 550 Bitcoin, which was worth nearly $1.62 million at the time of the request. After negotiating, the final amount came to 397.6 Bitcoin, which amounted to roughly $1 million at the time (Bitcoin is currently at $2744.56, so right now, those 397.6 Bitcoin are worth roughly $1.1 million dollars). The company has already paid two of the three payment tranches, and expects the decryption operation to take up to ten days due to the vast amount of encrypted data. If the data is liberated at all, that is, which can't really be counted upon, now can it?





This is just another case of Bitcoin being used as a payment method for this kind of ransom. Cryptocurrencies are much harder to track than usual fiat currencies, take up a lot less space, and are increasing in value at an astounding pace (having recently reached a total of $100 billion dollars market cap). The ransomware was achieved through Erebus, and the ransom note stated that all files would be deleted in 96 hours should the ransom not be paid.

A TrendMicro report puts the blame on Nayana's security practices and software infrastructure, since "NAYANA's website runs on Linux kernel 2.6.24.2, which was compiled back in 2008. [...] Additionally, NAYANA's website uses Apache version 1.3.36 and PHP version 5.1.4, both of which were released back in 2006. Apache vulnerabilities and PHP exploits are well-known;[...]. The version of Apache NAYANA used is run as a user of nobody(uid=99), which indicates that a local exploit may have also been used in the attack." You should go on and read the report (in sources), since it does provide an interesting read that sheds some light on what exactly happened here.

I have nothing to say except LOL.
 
Money laundering and paying ransom. Pretty much what cryptocurrencies exist for.
 
Lol sux for them I guess..and another reason to drive the nail into the mining coffin and straight out ban it.
 
I wonder if the Ethereum contracts allow the money to be returned if the files are not decrypted?
 
These people who make the ransomware have no conscience. They don't realize they will face judgment one day.
 
These people who make the ransomware have no conscience. They don't realize they will face judgment one day.

That's a myth perpetuated by the criminal elite (and the ignorant) to "turn the cheek."
What better way to gain more power than to have people believe there is justice at some point, so they take no action. It's easy to see why it goes hand in hand with the largest myth of all time.
 
That's a myth perpetuated by the criminal elite (and the ignorant) to "turn the cheek."
What better way to gain more power than to have people believe there is justice at some point, so they take no action. It's easy to see why it goes hand in hand with the largest myth of all time.

Atheism is a religion. ;)
 
Jeez, it's working on linux servers? The ones that host 90% of the web? That's nice.....
 
Jeez, it's working on linux servers? The ones that host 90% of the web? That's nice.....
As per the report:
A TrendMicro report puts the blame on Nayana's security practices and software infrastructure, since "NAYANA's website runs on Linux kernel 2.6.24.2, which was compiled back in 2008. [...] Additionally, NAYANA's website uses Apache version 1.3.36 and PHP version 5.1.4, both of which were released back in 2006.

I don't imagine it's a widespread issue. I don't care for the constant front-end/UI changes of websites but using an over decade old back-end is just :S.
 
Ransomware is hitting a lot of big name companies hard. My employer just got smacked with it at a few sites, and the exact one we got hit with also affected Toyota, Nissan, Honda, the Chinese and Indian Governments, and about 2 dozen other places. Those are just the ones that have come forward and admitted it, I imagine the list of companies that have dealt with it is wayyyyyy longer than that.

EDIT: Estimates are 200,000 systems across 150 countries, and that was as of May 15. I know we say ~20 systems at the site I work at, and this was 2 days ago.
 
Money laundering and paying ransom. Pretty much what cryptocurrencies exist for.

Much more transactions happen legitimately every day.

As for money laundering, pretty sure the USD is still the tool of choice.
 
Much more transactions happen legitimately every day.

As for money laundering, pretty sure the USD is still the tool of choice.

Figured it would be unappealing due to the need to get personal due to its nature, compared to digital currency where it's "miles of wire" between the perpetrator and the crime.
 
Figured it would be unappealing due to the need to get personal due to its nature, compared to digital currency where it's "miles of wire" between the perpetrator and the crime.

So your issue is with the "currency over the internet" bit?

You do realize there are irreversible types of wire transfers right?
 
So your issue is with the "currency over the internet" bit?

You do realize there are irreversible types of wire transfers right?

I am aware but the veil of anonymity doesn't hold up if certain entities come looking. The Achilles heel of cash laundering was getting caught in the act usu. the only way to prove it in most cases, currency over the net is the best of both worlds.
 
I am aware but the veil of anonymity doesn't hold up if certain entities come looking. The Achilles heel of cash laundering was getting caught in the act usu. the only way to prove it in most cases, currency over the net is the best of both worlds.

International banking law is almost as convoluted and unreliable as the bitcoin blockchain is for tracking individuals, frankly.
 