Virtual desktop and cloud service pays £18,600 to ransomware extortionists

Crime pays.

Graham Cluley
Graham Cluley
@[email protected]

Virtual desktop and cloud service pays £18,600 to ransomware extortionists

The Register reports:

Hosted desktop and cloud provider VESK is staggering back to its feet after paying 29 Bitcoins (£18,600) in a ransomware attack earlier this week.

VESK became aware that one of its environments had been impacted by a ransomware virus on Monday (26 September) at 3am.

This virus was a new strain of the Samas DR ransomware, which affected one of VESK’s multi-tenanted environments. Around 15 per cent of VESK’s clients were on that platform.

It’s good of The Register to get to the bottom of what’s going on, because there’s no mention of the R-word on VESK’s blog about the downtime.

Vesk blog update

When I heard that VESK, which has perhaps unwisely boasted of “100% uptime” in the past, had decided to pay the criminal gang behind the ransomware attack I wondered why they wouldn’t have secure backups to restore from.

Sign up to our free newsletter.
Security news, advice, and tips.

According to a statement given to The Register by Nigel Redwood of parent company Nasstar, however, the firm seems to have decided to give in to the blackmail because it wasn’t confident that its backups would be either quick enough or good enough or unaffected by the attack.

“On Monday the first thing did was search the environment and kill the process. We then spent time to determine quickest route to restore services. We decided to do that by running restores from backups and also paying for the decryption keys, to attack the problem from both angles.”

No doubt the company will have to take a long look at how the malware managed to execute on the company’s servers, and whether there are any lessons that can be learnt to reduce the chances of a similar attack having a similar impact in future.

Ultimately it’s each company’s individual decision as to whether to give in to ransom demands or not. Paying will encourage the criminals to launch more attacks, and is not always a guarantee that your data will be able to be recovered.

I can sympathise with a company which has failed to take appropriate backup precautions taking the pragmatic decision to pay the criminals for the return of their data, but I would be interested in how they would explain the transaction on their accounts.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.