
South Korean web hosting firm Nayana has set a new record for the largest known ransomware payment to date.

The web host was hit by a ransomware attack on June 10 at 1:30 a.m., which encrypted 152 of the company's Linux servers. All Nayana customers are said to be affected, as the attack compromised hosted websites, databases and multimedia files.

Trend Micro says the ransomware is the Erebus variant, which first appeared in September 2016 and was spread through malvertisements (malicious advertisements). Organizations in South Korea are believed to be the main target of this campaign.

Nayana was reportedly running several outdated systems with known vulnerabilities, giving the attackers an easy route in. Nayana stated: "We tried to recover the backed up data. But we found that both the internal backup and the external backup were infected with ransomware and all were encrypted."

The attackers originally demanded 10 bitcoins per encrypted Linux server. Nayana negotiated the price down to 5.4 bitcoins per server, worth about $1 million in total. The payment was made in three installments, the last of which was sent just today.

Trend Micro's analysis of the ransomware found that it uses RSA to encrypt AES keys, with each file encrypted under its own unique AES key, and that it is designed, like most ransomware, to be hard to remove. It uses two persistence mechanisms: it adds a fake Bluetooth service so that the ransomware is executed again after the system or server reboots, and it installs a Unix cron job (cron is the scheduler in Unix-like systems that runs commands or shell scripts at set times) that checks hourly whether the ransomware is still running. Both mechanisms leave new files on disk, a service definition and a cron entry, which is exactly the kind of change a file integrity baseline is meant to catch.

It is important that your organization takes the necessary steps to defend against a ransomware attack. Ensure that all systems are patched and up to date, always keep offline backups of critical files (backups that remain mounted or writable from the hosts they protect are just more files for the ransomware to encrypt, as Nayana found), and apply the principle of least privilege wherever possible.

In addition, every organization should have a hardened Windows build standard, a hardened Linux build standard, a hardened SQL Server/Oracle database build standard, a hardened firewall standard, and so on. Determining the appropriate server hardening policy for your environment requires detailed research of hardening checklists, followed by an understanding of how each control applies to your own operating systems and applications.

Governance, regulatory and compliance standards such as NIST SP 800-53, SOX, NERC CIP, ISO 27001, PCI DSS, DISA STIG and HIPAA all call for strong cyber security defenses, with a hardened build standard at the core. Once that standard is in place, it is maintained using file integrity monitoring to highlight any significant changes, or 'drift', away from it.
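The following script is an added example, not NNT's or Trend Micro's code, that ties the two points above together: it baselines a directory tree (hash, mode, owner per file), compares a later scan against that baseline, and rates any drift inside persistence locations (cron directories, init scripts, systemd units) as high severity, which is where the fake Bluetooth service and hourly cron job described in the Trend Micro analysis would land. The mini-filesystem, file names and the "post-compromise" changes in `demo()` are constructed for the demonstration; the persistence directory list is a generic assumption, not a list of paths from the Nayana incident.

```python
#!/usr/bin/env python3
"""Minimal file-integrity baseline and drift check for a Linux build standard.

Added example, not NNT product code. The sample files and the drift
scenario in demo() are constructed; PERSISTENCE_DIRS is a generic,
assumed list of where Linux persistence usually lives.
"""
import hashlib
import os
import stat
import tempfile

# Relative to the monitored root. A new or changed file here is treated as a
# persistence mechanism until proven otherwise.
PERSISTENCE_DIRS = (
    "etc/cron.d",
    "etc/cron.hourly",
    "etc/cron.daily",
    "etc/init.d",
    "etc/systemd/system",
    "var/spool/cron",
)


def file_record(path):
    """SHA-256, permission bits and owner of one file: the tuple we baseline."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    st = os.lstat(path)
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid}


def build_baseline(root):
    """Walk root and record every regular file, keyed by '/'-separated relative path."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = file_record(full)
    return baseline


def severity(rel_path):
    """'high' for files under a persistence directory, 'medium' for any other drift."""
    for d in PERSISTENCE_DIRS:
        if rel_path == d or rel_path.startswith(d + "/"):
            return "high"
    return "medium"


def compare(baseline, current):
    """Diff two scans into a sorted list of (change, rel_path, severity)."""
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            findings.append(("added", rel, severity(rel)))
        elif rel not in current:
            findings.append(("removed", rel, severity(rel)))
        elif baseline[rel] != current[rel]:
            findings.append(("modified", rel, severity(rel)))
    return findings


def _write(root, rel, data, mode=0o644):
    """Helper for the constructed demo filesystem."""
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as f:
        f.write(data)
    os.chmod(full, mode)


def demo():
    """Baseline a constructed golden build, then simulate post-compromise drift."""
    root = tempfile.mkdtemp(prefix="fim-demo-")
    # Constructed golden build: a config file, a legitimate cron job, an init script.
    _write(root, "etc/ssh/sshd_config", "PermitRootLogin no\n")
    _write(root, "etc/cron.daily/logrotate", "#!/bin/sh\n/usr/sbin/logrotate /etc/logrotate.conf\n", 0o755)
    _write(root, "etc/init.d/networking", "#!/bin/sh\n# bring up interfaces\n", 0o755)
    baseline = build_baseline(root)

    # Constructed drift mimicking the two persistence tricks described above
    # (a bogus "bluetooth" service and an hourly cron watchdog; the payload
    # path is invented) plus a config change that weakens the build standard.
    _write(root, "etc/init.d/bluetooth", "#!/bin/sh\n/tmp/.x/payload &\n", 0o755)
    _write(root, "etc/cron.hourly/checker", "#!/bin/sh\npgrep payload || /tmp/.x/payload &\n", 0o755)
    _write(root, "etc/ssh/sshd_config", "PermitRootLogin yes\n")
    return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for change, path, sev in demo():
        print(f"[{sev:6}] {change:8} {path}")
```

In production the baseline would be taken from the hardened golden image, stored somewhere the monitored host cannot write to, and the comparison run on a schedule; the point of the severity split is that a modified config file warrants a ticket, while a new executable in cron.hourly or init.d warrants an immediate look.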


Read this article on Data Breach Today

Copyright 2017, New Net Technologies Ltd. All rights reserved.