A Ransom That Would Make Anyone WannaCry
A South Korean web hosting company, Nayana, was attacked earlier this month by hackers who initially demanded 550 Bitcoins (~$1.4 million USD) in exchange for decrypting their files. Nayana operates a fleet of outdated Linux servers including Linux kernel 220.127.116.11 (2008), Apache 1.3.36 (2006) and PHP 5.1.4 (2006), leaving them vulnerable to a plethora of public exploits.
The attackers took advantage of the situation and ported the Erebus ransomware to run on Linux which encrypted Nayana’s 153 webservers which hosted over 3,400 websites. Nayana negotiated the ransom down to 397.6 Bitcoins (~$1 million USD), but a $1 million ransom is probably enough to make any C-level executive WannaCry.
On a related note, as part of an ongoing effort to increase security, Microsoft will disable SMBv1 in future releases of the Windows operating system. SMBv1 is the protocol abused by the WannaCry ransomware to spread across internal networks.
For those of you looking to keep your systems secure and your wallet full, take the following steps:
- Disable SMBv1 on your Windows devices
- Backup your important data to an offline device (external hard drive) or cloud service
- Test the restoration functionality of your backups
- Keep your software up to date
Cybersecurity? There’s a Badge for That
Businesses are competing for an increasingly limited pool of cybersecurity talent and that leaves them exposed for months on end when it takes them six months to fill a cybersecurity position.
Ryan Barrett identifies three systemic issues for the cybersecurity skills gap:
- Students graduating from post-secondary schools aren’t fully prepared
- Companies don’t know what to look for in a professional
- Skilled professionals are overworked to the point where they can’t keep up with the hyper pace of security
*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Cylance Research and Intelligence Team. Read the original post at: https://threatmatrix.cylance.com/en_us/home/this-week-in-security-6-23-2017.html