
South Korean web hosting provider pays $1m ransomware demand

21 Jun 2017

South Korean web hosting company Nayana was hit by the Erebus ransomware and is paying 397.6 Bitcoins, the equivalent of US$1 million. The recovery process is expected to take weeks.

The company published a blog post last week that detailed the attack. According to the post, the initial ransom was 500 Bitcoins, but the CEO managed to negotiate the ransom down to 397.6.

While the CEO says that various local and international agencies are working to decrypt the files, they are not working fast enough.

Trend Micro TrendLabs provided more detail on the incident, revealing that Nayana has paid the second of three payments. It has also started recovering servers in batches, but some of them are displaying errors.

Trend Micro identified the ransomware as belonging to the Erebus family, which has been around since 2016. It is able to bypass Windows User Account Control and is mainly concentrated in South Korea.

Trend Micro also says that Unix and offshoot systems such as Linux are used so widely across enterprises, servers, web development frameworks, databases and mobile devices that they are attractive targets for hackers.

"Office documents, databases, archives, and multimedia files are the usual file types targeted by ransomware. It’s the same for this version of Erebus, which encrypts 433 file types. However, the ransomware appears to be coded mainly for targeting and encrypting web servers and data stored in them," Trend Micro says in its blog.

Nayana's latest update says that the server decryption process is taking more time than anticipated. The company estimates that servers will take 2-5 days, with some servers taking as many as 10 days to recover.

However, there have been no failures in data recovery so far and the company is working towards 100%, with 30% recovery this week and 90% next week. The decryption process is predicted to take longer.

Nayana provides managed hosting, Linux, Windows, cloud, Webmail and image hosting.
