
South Korean web hosting provider pays $1m ransomware demand

21 Jun 2017

South Korean web hosting company Nayana was hit by the Erebus ransomware and is paying 397.6 Bitcoins, the equivalent of US$1 million. The recovery process is expected to take weeks.

The company published a blog post last week that detailed the attack. According to the post, the initial ransom was 500 Bitcoins, but the CEO managed to negotiate the ransom down to 397.6.

While the CEO says that various local and international agencies are working to decrypt the files, they are not working fast enough.

Trend Micro TrendLabs provided more detail on the incident, revealing that Nayana has paid the second of three payments. It has also started recovering servers in batches, but some of them are displaying errors.

Trend Micro identified the ransomware as part of the Erebus family, which has been around since 2016. It is able to bypass Windows User Account Control and is mainly concentrated in South Korea.

Trend Micro also says that Unix and offshoot systems such as Linux are used so widely across enterprises, servers, web development frameworks, databases and mobile devices that they are attractive targets for hackers.

"Office documents, databases, archives, and multimedia files are the usual file types targeted by ransomware. It’s the same for this version of Erebus, which encrypts 433 file types. However, the ransomware appears to be coded mainly for targeting and encrypting web servers and data stored in them," Trend Micro says in its blog.

Nayana's latest update says that the server decryption process is taking more time than anticipated. The company estimates that servers will take 2-5 days, with some servers taking as many as 10 days to recover.

However, there have been no failures in data recovery so far and the company is working towards 100%, with 30% recovery this week and 90% next week. The decryption process is predicted to take longer.

Nayana provides managed hosting, Linux, Windows, cloud, Webmail and image hosting.
