Share to Facebook Share to Twitter Share to Google Plus Share to LinkedIn

$1 million. This was the cost for one firm that was recently infected by ransomware. This was the fate for a South Korean web hosting company called Nayana. The ransomware reportedly took over 153 linux servers and affected 3,400 client websites.

Ransomware

The ransomware suspected of doing the damage was Erebus. Erebus was initially discovered in September 2016 but this attack did not happen until 10th June 2017. This form of the ransomware has been modified to target Linux boxes as well as Windows.

Erebus uses an encryption method that is quite sophisticated which unfortunately means that decryption is hard to achieve without the RSA keys. The ransomware can target up to 433 file types but it was specifically designed to encrypt web servers and their data - which is what has happened here.

Although this ransomware has been found elsewhere, it does seem to have heavily targeted the South Korea region.

Negotiations

Against all normal advice, Nayana decided to negotiate with the hackers. The initial ransom was $4.4 million. This was eventually negotiated down to £500,000 until the last moment when the hackers decided they wanted $1 million. As normal for ransomware, this was paid in bitcoins to a total of 397.6 bitcoins.

Bankruptcy

The company may have paid to recover the data but this come at a cost, the company apologised as part of their statement but also released the following "Now I am bankrupt. Everything I've been working on for 20 years is expected to disappear at 12:00 tomorrow."

Further Reading

For more information, please visit the following:

http://www.bbc.co.uk/news/technology-40340820
http://www.securityweek.com/web-hosting-provider-pays-1-million-ransomware-attackers