Korean Web Hosting Firm Forks Over $1M to Ransomware Thieves
Another day, another ransomware horror story. This time, a South Korean Web Hosting firm has paid $1 million USD worth of bitcoins to save its business after a Linux-based ransomware infected its servers, encrypting the websites and data of thousands of customers.
The attack, which security researchers at Trend Micro believe used a version of Erebus ported to Linux, infected more than 150 servers hosting the sites of more than 3,400 customers, mostly small businesses.
The attack first struck on June 10th, according to a blog post from Nayana, the web hosting company, when ransomware attackers demanded 550 bitcoins (roughly $1.6 million USD) to unlock the encrypted files.
Nayana was eventually able to negotiate that sum down to 397.6 bitcoins (about $1.01 million), to be paid in three installments.
According to Trend Micro, Nayana was seriously vulnerable systems at the time of the attack, including a Linux kernel (22.214.171.124) compiled back in 2008. “Security flaws like DIRTY COW that can provide attackers root access to vulnerable Linux systems are just some of the threats it may have been exposed to,” writes Trend Micro.
Nayana has said in a statement that it is working closely with the Korea Internet and Security Agencies, as well as other “cyber criminal investigators” on an investigation of the attack.
Sadly, these sort of attacks will only become more commonplace, as large payouts such as this embolden attackers to reach for more lucrative targets. The epidemic of weaponized encryption hit a fever pitch last year, with a whopping 638 million instances of Ransomware, and the trend shows no signs of slowing. There are, however, some steps you can take to protect yourself from attack. Check out the articles linked below for best practices on combating ransomware attacks.