VESK coughs up £18k in ransomware attack

Exclusive Hosted desktop and cloud provider VESK is staggering back to its feet after paying 29 Bitcoins (£18,600) in a ransomware attack earlier this week.

VESK became aware that one of its environments had been impacted by a ransomware virus on Monday (26 September) at 3am.

This virus was a new strain of the Samas DR ransomware, which affected one of VESK’s multi-tenanted environments. Around 15 per cent of VESK’s clients were on that platform.

Because this was a new strain, VESKs antivirus provider Sophos had not yet been updated to detect it – something other antivirus providers were also yet to do.

Nigel Redwood, chief exec of VESK’s parent company, Nasstar, said: “On Monday the first thing did was search the environment and kill the process. We then spent time to determine quickest route to restore services.

“We decided to do that by running restores from backups and also paying for the decryption keys, to attack the problem from both angles.”

He said the company restored the email, but purposefully didn’t get Citrix up until it could identify where and how it originated form.

“Once we did, we began the process of getting Citrix back online for users.”

The majority of services are now back up for customers, as the decryption process nears completion.

The company will undergo a control and compliance audit with its ethical hacker, and in addition has engaged Falanx to do assist in the audit.

It has notified the Cyber Security Information Sharing Partnership (CISP) which have reported the attack as a criminal activity.

“We are doing everything we can to mitigate against this happening again.”

“We’ve been deeply apologetic to our clients; we have a shift of people working 24/7 to resolve this. Myself and team have also been meeting with customers.”

Ransomware attacks are becoming increasingly prevalent, with security consultant Trend Micro naming it as the biggest threats to companies this year.

Joseph Bonavolonta, an assistant special agent with the FBI, has previously said firms that fall victim to infection from file encrypting ransomware should simply pay the ransom. ®