
South Korean web hosting provider pays $1m ransomware demand

21 Jun 2017

South Korean web hosting company Nayana was hit by the Erebus ransomware and is paying 397.6 Bitcoins, the equivalent of US$1 million. The recovery process is expected to take weeks.

The company posted a blog last week that detailed the attack. According to the post, the initial ransom was 500 Bitcoins, but the CEO managed to negotiate the ransom down to 397.6.

While the CEO says that various local and international agencies are working to decrypt the files, they are not working fast enough.

Trend Micro TrendLabs provided more detail on the incident, revealing that Nayana has paid the second of three payments. It has also started recovering servers in batches, but some of them are displaying errors.

Trend Micro identified the ransomware as a member of the Erebus family, which has been around since 2016. It is able to bypass Windows User Account Control and is mainly concentrated in South Korea.

Trend Micro also says that Unix and offshoot systems such as Linux are used so widely across enterprises, servers, web development frameworks, databases and mobile devices that they are attractive targets for hackers.

"Office documents, databases, archives, and multimedia files are the usual file types targeted by ransomware. It’s the same for this version of Erebus, which encrypts 433 file types. However, the ransomware appears to be coded mainly for targeting and encrypting web servers and data stored in them," Trend Micro says in its blog.

Nayana's latest update says that the server decryption process is taking more time than anticipated. The company estimates that servers will take 2-5 days, with some servers taking as many as 10 days to recover.

However, there have been no failures in data recovery so far and the company is working towards 100%, with 30% recovery this week and 90% next week. The decryption process is predicted to take longer.

Nayana provides managed hosting, Linux, Windows, cloud, Webmail and image hosting.
