Virtual desktop and cloud service pays £18,600 to ransomware extortionists
Hosted desktop and cloud provider VESK is staggering back to its feet after paying 29 Bitcoins (£18,600) in a ransomware attack earlier this week.
VESK became aware that one of its environments had been impacted by a ransomware virus on Monday (26 September) at 3am.
This virus was a new strain of the Samas DR ransomware, which affected one of VESK’s multi-tenanted environments. Around 15 per cent of VESK’s clients were on that platform.
It’s good of The Register to get to the bottom of what’s going on, because there’s no mention of the R-word on VESK’s blog about the downtime.
When I heard that VESK, which has perhaps unwisely boasted of “100% uptime” in the past, had decided to pay the criminal gang behind the ransomware attack I wondered why they wouldn’t have secure backups to restore from.
According to a statement given to The Register by Nigel Redwood of parent company Nasstar, however, the firm seems to have decided to give in to the blackmail because it wasn’t confident that its backups would be either quick enough or good enough or unaffected by the attack.
“On Monday the first thing did was search the environment and kill the process. We then spent time to determine quickest route to restore services. We decided to do that by running restores from backups and also paying for the decryption keys, to attack the problem from both angles.”
No doubt the company will have to take a long look at how the malware managed to execute on the company’s servers, and whether there are any lessons that can be learnt to reduce the chances of a similar attack having a similar impact in future.
Ultimately it’s each company’s individual decision as to whether to give in to ransom demands or not. Paying will encourage the criminals to launch more attacks, and is not always a guarantee that your data will be able to be recovered.
I can sympathise with a company which has failed to take appropriate backup precautions taking the pragmatic decision to pay the criminals for the return of their data, but I would be interested in how they would explain the transaction on their accounts.
Source | grahamcluley