South Korean Company Agrees to Pay Hackers $1 Million Bitcoin Ransom to Unlock Its Files

By Dell Cameron

A South Korean web hosting company will reportedly shell out about a million dollars (£793,900) to resolve a ransomware crisis at its data centre, the highest such payout publicly known to date.

According to a series of blog posts on the company’s website, Nayana CEO Hwang Chil-hong has agreed to pay 397.6 Bitcoin to recover the data of roughly 3,400 customers. He said he’s already made two instalments.

The gang that targeted his company is said to have employed ransomware called Erebus, named after—eye roll—the Greek deity of darkness. Chil-hong said 153 Linux servers were affected.

Gizmodo was unable to immediately reach anyone who has examined a sample of the Erebus code, but its name indicates that it may be a variant of ransomware that targeted Windows computers earlier this year.

Erebus can apparently target up to 433 file types, including office documents and multimedia files. For now, at least, it has primarily targeted web servers in South Korea with infections also popping up in Romania and Ukraine.

In a letter published on his company’s website, Chil-hong refused to pay the 550 Bitcoin ransom the hackers initially requested, saying essentially that it would ruin him anyway. He was able to negotiate the ransom down to 397.6 Bitcoin, or roughly a million US dollars.

Chil-hong claims to be pouring all of his personal assets into recovering his customers’ data. “If this negotiation is signed, I think the probability of recovering the data will be higher,” he wrote.

There was no information available regarding Erebus’ attack vector at press time. But an open-source analysis of Nayana’s systems by Trend Micro reveals that its website runs on a Linux kernel compiled in 2008 and uses versions of Apache and PHP released in 2006. Numerous exploits are publicly known for software that old.

Trend Micro’s threat defence experts recommend backing up your files regularly and staying on top of your security updates. A full list of best practices can be found here. [Bleeping Computer]
