
Web host agrees to pay $1m after it’s hit by Linux-targeting ransomware

A Web-hosting service recently agreed to pay $1 million to a ransomware operation that encrypted data stored on 153 Linux servers and 3,400 customer websites, the company said.
The South Korean Web host, Nayana, said in a blog post published last week that initial ransom demands were for five billion won worth of Bitcoin, which is roughly $4.4 million. Company negotiators later managed to get the fee lowered to 1.8 billion won and ultimately landed a further reduction to 1.2 billion won, or just over $1 million. An update posted Saturday said Nayana engineers were in the process of recovering the data. The post cautioned that the recovery was difficult and would take time.
“It is very frustrating and difficult, but I am really doing my best, and I will do my best to make sure all servers are normalized,” a representative wrote, according to a Google translation.
The ransomware behind what may be a record payout is known as Erebus. Once targeting only computers running Microsoft Windows operating systems, Erebus was recently modified so that a variant will work against Linux systems. How Erebus managed to get installed on the Nayana servers is not clear, but given the woefully unpatched software the Web hosting service appeared to run, it’s possible the attackers exploited a well-known vulnerability. In a blog post published Monday, researchers from security firm Trend Micro wrote:
As for how this Linux ransomware arrives, we can only infer that Erebus may have possibly leveraged vulnerabilities or a local Linux exploit. For instance, based on open-source intelligence, NAYANA’s website runs on Linux kernel 2.6.24.2, which was compiled back in 2008. Security flaws like DIRTY COW that can provide attackers root access to vulnerable Linux systems are just some of the threats it may have been exposed to.
Additionally, NAYANA’s website uses Apache version 1.3.36 and PHP version 5.1.4, both of which were released back in 2006. Apache vulnerabilities and PHP exploits are well-known; in fact, there was even a tool sold in the Chinese underground expressly for exploiting Apache Struts. The version of Apache NAYANA used is run as a user of nobody (uid=99), which indicates that a local exploit may have also been used in the attack.
The Erebus variant that hit Nayana appears to have been designed to target Web servers.

Kali Linux




Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing.

Kali Linux has over 300 preinstalled penetration-testing programs, including Armitage (a graphical cyber attack management tool), Nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper password cracker, Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp suite and OWASP ZAP web application security scanners.[2][3] Kali Linux can run natively when installed on a computer's hard disk, can be booted from a live CD or live USB, or it can run within a virtual machine. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.[2]

It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous information security testing Linux distribution based on Knoppix. The third core developer Raphaël Hertzog joined them as a Debian expert.[4][5]

Kali Linux is based on Debian Testing. Most packages Kali uses are imported from the Debian repositories.[6]

Kali Linux is developed in a secure environment in which only a small number of trusted people are allowed to commit packages, and each package is digitally signed by the developer. Kali also has a custom-built kernel that is patched for 802.11 wireless injection. This was primarily added because the development team found they needed to do a lot of wireless assessments.




What is Ethical hacking and Penetration testing







Penetration Testing vs Ethical Hacking

Penetration testing is very closely related to ethical hacking, so the terms are often used interchangeably, but they do have distinctions that we should observe.

Penetration testing is the more narrowly focused phrase: it deals with the process of finding flaws in a target environment with the goal of penetrating systems and taking control of them. Penetration testing, as the name implies, is focused on penetrating the target organization’s defenses, compromising systems and getting access to information.
Ethical hacking is an expansive term encompassing all hacking and computer attack techniques used to find security flaws, with the permission of the target owner and the goal of improving the target’s security, while penetration testing is more focused on the process of finding vulnerabilities in a target environment. In short, penetration testing is a subset of ethical hacking.