South Korean Web Hosting Provider Nayana Pays $1 Million to Get Rid of a Ransomware Attack

Ransomware attacks are still a big problem after all these years. It also appears a lot of companies are still unable to deal with these types of threats other than paying the ransom in question. One South Korean web hosting provider was asked to pay 550 Bitcoin to get rid of the malicious software crippling their systems. A very disturbing development, to say the least.

Nayana Pays Close to US$1m due to Ransomware Attack

It is never good to hear a company has to deal with a massive ransomware attack. Things only get worse if said company effectively meets the criminals’ demand and pays the ransom accordingly. South Korean web hosting provider criminals’ ransom demand added up to a whopping 550 Bitcoin. At the time of this request, that amount equaled to US$1.65m, which is quite a steep amount. Thankfully, this amount was never paid, albeit a smaller transaction took place.

Granted, the ransomware strain successfully encrypted data on the company’s servers. This also meant none of their customers could properly use the web hosting services provided by Nayana. Then again, companies such as this should be taking the necessary precautions to ensure their servers can’t be corrupted by ransomware or other malware types. For some reason, that does not appear to be the case, which is rather problematic.

It is well worth mentioning Nayana originally had no intention to pay this incredibly high ransom. In fact, the company tried to negotiate with the attackers, which eventually proved to be somewhat successful. Then again, the company ended up paying 397.6 Bitcoin, worth around US$1m. It is a big step down from US$1.6m, but still, companies should never agree to pay such large amounts of cash without exploring alternative options.

Interestingly enough, these payments occurred in three different steps. The first and second installments were made in quick succession. It is rather difficult to buy large amounts of Bitcoins in one go, especially when we are talking about US$1m worth. There are verification procedures which need to be completed, which is quite time-consuming. In most cases, criminals would not necessarily agree to a payment in separate installments. Then again, they are looking to make money, thus some flexibility is required.

From the information we have received, it appears this ransomware strain goes by the name of Erebus. This particular “family” has been around since 2016 and underwent a major overhaul earlier this year. However, this particular version successfully targeted Linux computers, rather than their Windows counterparts. This effectively allowed the developers to force Nayana into paying US$1m in Bitcoin. We highly doubt this will be the last of such magnitude, though.

A thorough analysis of this attack by Trend Micro unveiled how Nayana was bound to suffer from such an attack sooner or later. The company’s Linux kernel dates back to 2008. Additionally, their Apache and PHP versions are from 2006. Not taking the necessary precaution to update these clients invites criminals to do their worst. In this particular case, the criminals were utterly successful in securing a million-dollar payday.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.