A South Korean web hosting company will reportedly shell out a million dollars to resolve a ransomware crisis at its data centre, the highest such payout publicly known to date.
According to a series of blog posts on the company’s website, Nayana CEO Hwang Chil-hong has agreed to pay 397.6 Bitcoin to recover the data of roughly 3400 customers. Chil-hong said he’s already made two instalments.
The gang that targeted his company is said to have employed ransomware called Erebus, named after — eye roll — the Greek deity of darkness. Chil-hong said 153 Linux servers were affected.
Gizmodo was unable to immediately examine a sample of the Erebus code, but its name indicates that it may be a variant of ransomware that targeted Windows computers earlier this year.
Erebus can target up to 433 file types, according to Trend Micro, including office documents and multimedia files. For now, at least, it has primarily targeted web servers in South Korea with infections also popping up in Romania and Ukraine.
In a letter published on his company’s website, Chil-hong refused to pay the 550 Bitcoin ransom the hackers initially requested, saying that amount would essentially ruin him anyway. He was able to negotiate the ransom down to 397.6 Bitcoin, or roughly $1.5 million.
Chil-hong claims to be pouring all of his personal assets into recovering his customers’ data. “If this negotiation is signed, I think the probability of recovering the data will be higher,” he wrote.
There was no information available regarding Erebus’ attack vector at press time. But an open source analysis of Nayana’s systems by Trend Micro reveals that its website ran on a Linux kernel compiled in 2008, while using versions of Apache and PHP released in 2006. Numerous exploits are known for these outdated systems.
To defend against ransomware, Trend Micro’s threat defence experts recommend backing up your files regularly and staying on top of your security updates. A full list of best practices can be found here.