Servers that were left entrusted by IDC without any security management became targets for ransomwares. Linux servers that do not patch up weak points or use easily accessible accounts are the targets of cyber attacks.
Korea IDC, which is operated by Internet Nayana, announced on the 8th that 9 of its servers were affected by attacks from ransomwares. Similar to webhosting service incident in May, this attack encrypted files within servers after hacking into them. Individuals including shopping mall administrators complained on internet bulletin boards that their servers were infected by ransomware after leaving their servers with Korea IDC. They also wrote comments that inquire about restoration of their servers.
Coincidentally, Korea IDC is a service operated by Internet Nayana. Internet Nayana is facing an unheard-of situation where customers from IDC service were affected followed by attacks on webhosting servers. “Cyber attacks targeted servers within IDC that has a weak security system.” said a security expert. “It seems that this attack mainly targeted Korea IDC, which is operated by Internet Nayana that paid ransom in May.”
Korea IDC announced that servers that were accessible from anywhere and not authorized IPs were the targets of recent attack. Most of these servers did not have updates that patched up weak points of their security. Kernel or bash, open SSH, and other servers with weak application updates were suffered by this attack. These ransomwares invaded into servers with weak security systems and encrypted internal files.
Hackers did not clarify detailed amount of ransom but just left information that Internet Nayana to contact through email accounts. As a result, types of ransomware and ransom are not clear and this forces Internet Nayana to negotiate with hackers just like in May.
“Hackers found accounts with weak security systems and encrypted internal files after logging in to these accounts.” said a representative for KISA. “This ransomware is different from the ransomware that was used during webhosting service incident and it is a encrypted program for Linux servers.”
“Security process is complicated for Linux servers unlike Window servers that can be patched up with security with just single click.” said Department Head Choi Sang-myung of Hauri CERT. “It seems that this ransomware is an attack that only targeted South Korean servers as it is a ransomware that was not reported before.”
Unlike how Internet Nayana paid ransom worth $1.17 million (1.3 billion KRW) back in May, it seems that customers of Korea IDC will have to solve this problem on their own. Customers who left their servers with IDC are responsible for any security-related problems. IDC simply keeps a server and supplies electricity and circuits just like how an owner of a building lends an office. Security system of doors of an office will be then set up by the person who is lending that office. If a robber invades an office with weak passwords or a security system, owner of the building will not be responsible that trespassing.
“Because Internet Nayana is operated by Korea IDC and no other IDC is not affected by cyber attacks, there is a chance that Korea IDC will be responsible for this recent cyber attack.” said a security expert. “This attack shows that a company that suffered once can be a target again in the future.”
Staff Reporter Kim, Insoon | insoon@etnews.com