Virtual desktop and cloud service pays £18,600 to ransomware extortionists

Crime pays.

Graham Cluley

The Register reports:

Hosted desktop and cloud provider VESK is staggering back to its feet after paying 29 Bitcoins (£18,600) in a ransomware attack earlier this week.

VESK became aware that one of its environments had been impacted by a ransomware virus on Monday (26 September) at 3am.

This virus was a new strain of the Samas DR ransomware, which affected one of VESK’s multi-tenanted environments. Around 15 per cent of VESK’s clients were on that platform.

It’s good of The Register to get to the bottom of what’s going on, because there’s no mention of the R-word on VESK’s blog about the downtime.

When I heard that VESK, which has perhaps unwisely boasted of “100% uptime” in the past, had decided to pay the criminal gang behind the ransomware attack I wondered why they wouldn’t have secure backups to restore from.

According to a statement given to The Register by Nigel Redwood of parent company Nasstar, however, the firm seems to have decided to give in to the blackmail because it wasn’t confident that its backups would be either quick enough or good enough or unaffected by the attack.

“On Monday the first thing we did was search the environment and kill the process. We then spent time to determine the quickest route to restore services. We decided to do that by running restores from backups and also paying for the decryption keys, to attack the problem from both angles.”

No doubt the company will have to take a long look at how the malware managed to execute on the company’s servers, and whether there are any lessons that can be learnt to reduce the chances of a similar attack having a similar impact in future.

Ultimately it’s each company’s individual decision as to whether to give in to ransom demands or not. Paying will encourage the criminals to launch more attacks, and is not always a guarantee that your data can be recovered.

I can sympathise with a company which has failed to take appropriate backup precautions taking the pragmatic decision to pay the criminals for the return of their data, but I would be interested in how they would explain the transaction on their accounts.

Graham Cluley is a veteran of the anti-virus industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon, or drop him an email.