Jump to content

Web Hosting Company Pays $1 Million to Hackers Following Ransomware Infection


CrAKeN

Recommended Posts

web-hosting-company-pays-1-million-to-ha

 

The ransomware infection compromised more than 3,400 business websites

 

Ransomware is once again making the headlines, this time because a South Korean web hosting provider agreed to pay more than $1 million to hackers to restore access to a total of 153 Linux server compromised by ransomware.

 

Web hosting provider Nayana said the attack was recorded on June 10 when more than 3,40 business websites ended up encrypted with Erebus, a form of malware that was first spotted last year and which was updated to support Linux.

 

Hackers originally demanded 550 Bitcoin to decrypt the infected files, but Nayana says after several rounds of negotiations, the ransom was reduced to 397.6 Bitcoin, which was the equivalent of a little over $1 million.

 

In a statement posted on the official website, Nayana explains that the hackers pointed out the firm would be able to pay more than $1.6 million in ransom after estimating that each of the 40 employees receives an annual salary of $30,000. This means the firm makes at least $1.2 million every year, with hackers explaining that if Nayana does not afford to pay, it should take a loan or go bankrupt.

 

Old software running on Nayana’s servers


The web hosting company also revealed that it would make the payments in three different batches, and hackers will decrypt files gradually as the money is received.

 

Security company Trend Micro, which analyzed the infection with Erebus, explains that Nayana failed to properly protect its servers, revealing that the website runs on Linux kernel 2.6.24.2, which was compiled in 2008. Furthermore, it runs on Apache version 1.3.36 and PHP version 5.1.4, which were both released in 2006.

 

“It’s worth noting that this ransomware is limited in terms of coverage, and is, in fact, heavily concentrated in South Korea. While this may indicate that this ransomware attack is targeted, VirusTotal showed otherwise—several samples were also submitted from Ukraine and Romania. These submissions can also indicate they were from other security researchers,” Trend Micro says.

 

Nayana says it has already issued the first two payments to the ransomware authors and is now in the process of making the third payment, though it’s still trying to deal with a series of database issues experienced after some of the files were decrypted.

 

 

Source

Link to comment
Share on other sites


  • Views 560
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...