Negotiation with cyber criminals helped to decrease the size of the ransom
South Korean web hosting company Nayana agreed to pay the ransom after an Erebus ransomware attack on the 10th of June. The malware infected 153 Linux servers and encrypted the data of 3,400 websites hosted on them.
The cyber criminals demanded 550 Bitcoins, equal to $1.6 million. However, after negotiations, the company managed to reduce the payment to 397.6 Bitcoins, around $1 million. The company agreed to pay the ransom in three parts. Once an installment is paid, the crooks decrypt the attacked servers.
Since the attack, the company has been sharing the latest information about its discussions with the cybercriminals and the data recovery process.
Currently, the company is still recovering encrypted files, and it is not an easy task. It might take some time to recover fully from the ransomware attack.
Erebus ransomware aims at Linux OS
Erebus is designed to target Linux operating systems and servers. It is suspected of exploiting system vulnerabilities in order to attack the device.
However, the specific methods the ransomware used to hijack Nayana’s servers are unknown. Researchers assume that the attack relied on a vulnerability in unpatched software.
On the compromised computer, the malware scans for Microsoft Office documents, multimedia files, databases, and hundreds of other file types. It encrypts them with RSA-2048 cryptography and appends the .ecrypt file extension.
Currently, there is no way to recover files encrypted by this ransomware other than paying the ransom or restoring from backups. Fortunately for Nayana, the cyber criminals kept their word and provided the necessary tools for data recovery.
Prevention of ransomware
Ransomware has become more sophisticated than ever and has started attacking businesses in various industries. Thus, in order to protect the company’s information and its customers’ and clients’ confidential information, and to avoid financial loss, it’s crucial to take precautions.
Creating data backups is one of the most important measures to take. There are numerous convenient ways for companies and home computer users to save copies of important documents.
Ransomware usually spreads via suspicious emails that include malicious attachments or links. Teaching employees to identify dangerous emails is an important investment too. Even one curious click may lead to encrypted files and a huge recovery bill.
Keeping software, systems, and servers up to date is another important task. Malware can easily exploit vulnerabilities in outdated software and attack the device.