A South Korean web hosting company named NAYANA was forced to pay $1 million in the latest ransomware hustle. The attackers hit 153 of the hosting company's Linux servers, taking down roughly 3,400 customer websites hosted on them. According to the company, it will take up to ten days to finish decrypting the servers. The payout is the largest ransom known to have been paid in a ransomware attack to date.
The attackers initially demanded a ransom of $4.4 million, payable in Bitcoin, to decrypt the company's files. NAYANA's negotiators first brought the figure down to $1.62 million, and a few days later the company settled with the attackers on $1 million. The payment is being made in three installments; as of Saturday the company had already paid two-thirds of the total. NAYANA is now working to restore its servers and bring them back to normal by moving the decrypted data back onto them.
The ransomware used on the servers is a variant of Erebus. Erebus was originally written to target Windows machines and included techniques for bypassing Windows' User Account Control; the variant used against the hosting company was modified to run on Linux. The initial attack vector is not yet known. Security analysts at Trend Micro, however, suspect that the attackers used exploits against outdated versions of the Linux kernel, Apache and PHP running on NAYANA's servers. They also note that a local privilege-escalation exploit may have been involved: NAYANA's Apache servers ran as the generic nobody account (uid=99) rather than under a dedicated account per daemon, which is the standard practice. Sharing a catch-all account means that a foothold in any one process running as nobody carries over to every other process using that account, since they all hold the same privileges.
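As an added example of the check a practitioner would run after reading the point above (this is not code from the article, NAYANA or Trend Micro), the POSIX shell script below does two things: it reads the User directive from an httpd.conf fragment and flags a catch-all account such as nobody, and it counts how many distinct daemons share a given uid in ps output. The configuration fragments and the ps listing are constructed. The nobody uid of 99 follows the article (Debian-based systems use 65534); the uid 48 used for the hardened case and the /etc/httpd/conf/httpd.conf path in the live wrapper are assumptions.

```shell
#!/bin/sh
# Added audit example; not code from the article, NAYANA or Trend Micro.
# Check 1: which account Apache is configured to run as (User directive).
# Check 2: how many distinct daemons share that uid on the running system.
# Inputs are passed as text so the script runs offline on the constructed
# samples below; live_audit reads the real system instead.

# Constructed httpd.conf fragments: the weak setting beside the corrected one.
WEAK_HTTPD_CONF='ServerRoot "/etc/httpd"
User nobody
Group nobody
Listen 80'

HARDENED_HTTPD_CONF='ServerRoot "/etc/httpd"
# dedicated, unprivileged account used by no other service
User apache
Group apache
Listen 80'

# Constructed "ps -eo uid=,user=,comm=" output: Apache workers, a PHP CGI
# and an unrelated distcc daemon all sharing uid 99 (nobody).
SAMPLE_PS='0 root init
0 root sshd
99 nobody httpd
99 nobody httpd
99 nobody php-cgi
99 nobody distccd
27 mysql mysqld'

# apache_run_user <conf-text>: account named by the last User directive
# (comment lines start with "#", so they never match). Prints nothing if unset.
apache_run_user() {
    printf '%s\n' "$1" | awk '$1 == "User" { u = $2 } END { if (u != "") print u }'
}

# is_generic_account <user>: 1 for a catch-all account that other daemons
# conventionally share, 0 otherwise.
is_generic_account() {
    case "$1" in
        nobody|nogroup|daemon|root) echo 1 ;;
        *) echo 0 ;;
    esac
}

# services_as_uid <ps-text> <uid>: distinct command names running as <uid>.
services_as_uid() {
    printf '%s\n' "$1" | awk -v uid="$2" '$1 == uid { print $3 }' | sort -u
}

# count_services_as_uid <ps-text> <uid>: number of distinct daemons on the uid.
count_services_as_uid() {
    services_as_uid "$1" "$2" | wc -l | tr -d ' '
}

# audit <conf-text> <ps-text> <uid>: returns 1 (with a report) if Apache runs
# as a generic account or if <uid> is shared by more than one distinct daemon.
audit() {
    user=$(apache_run_user "$1")
    n=$(count_services_as_uid "$2" "$3")
    rc=0
    if [ "$(is_generic_account "$user")" = 1 ]; then
        echo "httpd configured to run as generic account '$user'"
        rc=1
    fi
    if [ "$n" -gt 1 ]; then
        echo "uid $3 shared by $n distinct daemons:"
        services_as_uid "$2" "$3" | sed 's/^/  /'
        rc=1
    fi
    return $rc
}

# Live wrapper; the config path is an assumption (adjust per distribution).
live_audit() {
    conf=$(cat /etc/httpd/conf/httpd.conf 2>/dev/null)
    ps_out=$(ps -eo uid=,user=,comm=)
    uid=$(id -u "$(apache_run_user "$conf")" 2>/dev/null)
    audit "$conf" "$ps_out" "${uid:-99}"
}

# Demo on the constructed data.
echo "== weak configuration (User nobody, uid 99 shared) =="
audit "$WEAK_HTTPD_CONF" "$SAMPLE_PS" 99 || echo "FAIL: give each daemon its own account"
echo "== hardened configuration (User apache, uid 48 assumed) =="
audit "$HARDENED_HTTPD_CONF" "$SAMPLE_PS" 48 && echo "OK"
```

Run with no arguments, the script audits the constructed samples: the weak fragment fails because Apache is configured as nobody and three different daemons (distccd, httpd, php-cgi) share uid 99, while the hardened fragment passes. Calling live_audit runs the same two checks against the host.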
Ransomware has become one of the most lucrative ways for criminals to make money, but earlier ransomware payouts pale in comparison to the $1 million NAYANA paid to get its files back. To put this in perspective, WannaCry, the most widespread ransomware outbreak to date, netted roughly $120,000 in payments. The amount paid by the Korean hosting company shows how much a firm will pay to recover its data, and it sets a dangerous precedent that will likely encourage attackers to demand bigger ransoms from individual companies. Businesses should therefore take a proactive stance: robust security measures and tested backup and contingency plans make ransomware far less attractive as a heist.