Cloud service Vesk is hit by Ransomware
Proving that all clouds are not built the same, Vesk has reportedly paid hackers £18,600 in Bitcoins to retrieve the encrypted customer data.
The company became aware on 26th September that one of its platforms had been infected by a new strain of the Samas DR Ransomware. Unfortunately, it had affected one of their multi-tenancy environments, where around 15% of clients were left unable to access their information.
During the incident, the company blog gave away little information, sharing only the following:
According to a statement given to The Register by Nigel Redwood, the firm seems to have decided to pay the Ransomware as they were not convinced simply restoring its stored backups would be proficient enough to void the attack.
virtualDCS published a blog last month, highlighting the dangers of ransomware and the importance of version control in a backup strategy.
“On Monday the first thing we did was search the environment and kill the process. We then spent time to determine quickest route to restore services. We decided to do that by running restores from backups and also paying for the decryption keys, to attack the problem from both angles.”
Graham Cluley, security specialist commented on the attack:
“Ultimately it’s each company’s individual decision as to whether to give in to ransom demands or not. Paying will encourage the criminals to launch more attacks, and is not always a guarantee that your data will be able to be recovered.
I can sympathise with a company which has failed to take appropriate backup precautions taking the pragmatic decision to pay the criminals for the return of their data, but I would be interested in how they would explain the transaction on their accounts.”