Web hosting company paid $1 million after ransomware attack

by Jake Doevan - - 2017-06-20

Negotiation with cyber criminals helped to decrease the size of the ransom

South Korean web hosting company paid $1 million after ransomware attack

South Korean web hosting company Nayana agreed to pay the ransom after Erebus ransomware attack on 10th of June. Malware infected 153 Linux servers and encrypted data of 3.400 that have been hosted here.^[1]

Cyber criminals asked to pay 550 Bitcoins that equals to $1.6 million. However, after negotiations, the company managed to reduce the payment to 397.6 Bitcoins – around $1 million. They agreed to pay the ransom in three parts. Once one installment is paid, crooks decrypt the attacked servers.

Since the attack, the company shares the latest information about discussions with cybercriminals and data recovery process.^[2]

Currently, the company is still recovering encrypted files. Though, it’s not an easy task. It might take some time to recover after ransomware attack fully.

Erebus ransomware aims at Linux OS

Erebus is designed to targets Linux operating systems and servers. It is suspected to exploit system vulnerabilities in order to attack the device.

However, the specific methods how ransomware managed to hijack Nayana’s servers are unknown. Researchers assume that the attack was based on the vulnerability of the unpatched software.^[3]

On the compromised computer malware scans for Microsoft Office documents, multimedia files, databases, and hundreds of other files. It encrypts them RSA-2048 cryptography and appends .ecrypt file extension.

Currently, there’s no other way to recover files encrypted by this ransomware just to pay the ransom or use backups. Fortunately for Nayana, cyber criminals kept their word and provided necessary tools for data recovery.

Prevention of ransomware

Ransomware viruses become more sophisticated than ever and start attacking businesses in various industries.^[4] Thus, in order to protect company’s information, confidential customer’s and client’s information and avoid financial loss, it’s crucial to take precautions.

Creating data backups is one of the most important measures to take. There are numerous convenient ways how companies and home computer users can save copies of the important documents.

Ransomware usually spreads via suspicious email attachments that include malicious files or links. Teaching employees to identify dangerous emails is an important investment too.^[5] Even one curious click may lead to encrypted files and a huge recovery bill.

Keeping software, systems, and servers up-to-date is another important task. Malware can easily exploit vulnerabilities in outdated software and attack the device.

About the author

Jake Doevan - Computer technology expert

Jake Doevan is one of News Editors for 2-spyware.com. He graduated from the Washington and Jefferson College , Communication and Journalism studies.

Contact Jake Doevan
About the company Esolutions

References

^ Ms. Smith. South Korean web hosting company infected by Erebus ransomware. NetworkWorld. The Network News, Trend Analysis, Product Testing, And More.
^ Nayana blog post on ransomware attack. Nayana. The Official Website of the Nayana Company.
^ Erebus Resurfaces as Linux Ransomware. Trend Micro Blog. The Blog About Security News By Trend Micro.
^ Ransomware attacks around the world grow by 50%. BBC. World Wide News Broadcaster.
^ Tim Holman. Security Think Tank: Employee awareness key to halting ransomware attacks. ComputerWeekly. The Latest Information Technology News And IT Jobs.