South Korean web hosting firm named Nayana has agreed to pay its attackers a record-shattering $1 million to unlock servers encrypted by ransomware.
When Attack was Happened?
The comapny was hit June 10 by the ransomware attack, at 1:30 a.m. local time, leading to 153 of the company’s Linux servers being forcibly encrypted. The company says it immediately reported the attack to authorities and launched an investigation, and was initially hopeful government cybersecurity experts might be able to crack the ransomware crypto.
Nayana entered into negotiations with the hackers, lowering the fee from $4.4m to less than $500,000 although at the last minute, the hackers doubled the negotiated amount to $1m.
According to BBC Post, The ransomware named Erebus – targeted computers running Microsoft Windows and was also modified so a variant would work against Linux-based systems. They are believed to have encrypted data on 153 Linux servers and 3,400 customer websites.
Angela Sasse (Director of the Institute in the Science of Cyber-Security) said that :
“I were was surprised both by the size of the ransom and that the firm went public about paying.”
“This is a record ransom from what I know, although some will have paid and not gone public. It could be that it had to disclose the amount under the South Korean regulatory structure or it could have been done out of a sense of public duty.”
“From the attackers’ point of view, they might have preferred that the firm kept quiet. It is such a large ransom that it might spur a lot of companies to look more carefully at their security.”
Nayana’s CEO apologised for the “shock and damage” of the incident. He stated that, the attack had hit his bank balance.
“Now I am bankrupt. Everything I’ve been working on for 20 years is expected to disappear at 12:00 tomorrow.”