The Channel logo


By | Kat Hall 29th September 2016 15:02

VESK coughs up £18k in ransomware attack

Biz took the precaution to pay up as a belt and braces approach

Exclusive Hosted desktop and cloud provider VESK is staggering back to its feet after paying 29 Bitcoins (£18,600) in a ransomware attack earlier this week.

VESK became aware that one of its environments had been impacted by a ransomware virus on Monday (26 September) at 3am.

This virus was a new strain of the Samas DR ransomware, which affected one of VESK's multi-tenanted environments. Around 15 per cent of VESK's clients were on that platform.

Because this was a new strain, VESKs antivirus provider Sophos had not yet been updated to detect it - something other antivirus providers were also yet to do.

Nigel Redwood, chief exec of VESK's parent company, Nasstar, said: "On Monday the first thing did was search the environment and kill the process. We then spent time to determine quickest route to restore services.

"We decided to do that by running restores from backups and also paying for the decryption keys, to attack the problem from both angles."

He said the company restored the email, but purposefully didn’t get Citrix up until it could identify where and how it originated form.

"Once we did, we began the process of getting Citrix back online for users."

The majority of services are now back up for customers, as the decryption process nears completion.

The company will undergo a control and compliance audit with its ethical hacker, and in addition has engaged Falanx to do assist in the audit.

It has notified the Cyber Security Information Sharing Partnership (CISP) which have reported the attack as a criminal activity.

"We are doing everything we can to mitigate against this happening again."

"We’ve been deeply apologetic to our clients; we have a shift of people working 24/7 to resolve this. Myself and team have also been meeting with customers."

Ransomware attacks are becoming increasingly prevalent, with security consultant Trend Micro naming it as the biggest threats to companies this year.

Joseph Bonavolonta, an assistant special agent with the FBI, has previously said firms that fall victim to infection from file encrypting ransomware should simply pay the ransom. ®

comment icon Read 12 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe