Over the weekend, the South Korean web hosting company Internet Nayana agreed to pay approximately $1 million in Bitcoin to hackers holding their servers hostage since June 10. The attack relied on Erebus ransomware and targeted Linux systems.
It is believed that this last spree of ransomware attacks is a persisting variant of the wave that hit corporations worldwide over a month ago. Security firms analyzing the internal maintenance of Nayana said their team was also at fault for not keeping their services up to date.
Tech giants including Google, Microsoft, Facebook, and Amazon have vowed to combat cybercrime and similar activities in different ways. Be Internet Awesome, for instance, is an educational campaign aimed at young learners for them to develop online awareness.
Nayana could have paid way more to free 3,400 sites
Nayana was hit by a stream of Erebus ransomware on June 10, which subsequently infected 153 of its 300 servers and compromised roughly 3,400 websites as a result.
The sites belonged mostly to small businesses in South Korea, but that did not mean that it wasn’t an impactful outage. On June 12, the web hosting company admins revealed attackers were requesting 550 Bitcoin, which translates to $1.62 million approximately.
Two days later, Nayana said they had reached an agreement to pay 397.6 Bitcoin, or $1.01 million. It was after negotiations had already settled, but hackers doubled down at the last minute and requested double the amount they had reached (roughly $500,000, according to reports).
Payment to the cyber criminals was made in three installments, the last of which went out on Tuesday. Nayana, on the other hand, has started recovering data from decrypted servers and finding some issues that might be impossible to solve.
Companies must be aware and keep their services updated
The cyber security firm Trend Micro was one of the many that took it upon themselves to analyze and report the incident after word got out that Nayana was paying a record amount to gain back access to their servers.
Researchers found that their Linux-based systems were running on a kernel compiled back in 2008 and that the PHP and Apache versions running the company’s official website dated from 2006. Evidently, tons of exploits and vulnerabilities have been found since then.
Erebus, on the other hand, is a relatively known strain of ransomware that appeared late last year. Falling victim of this particular piece of malware was costly beyond compare for the company, who had to lend its shares to a rival who had intentions to acquire it before the incident.
The CEO of the company expressed his regret over the weekend and apologized to its customers, revealing he had gone bankrupt in the process of paying up hackers. Analysts were also puzzled about the openness of the whole ordeal because targets tend not to disclose how much they pay for ransom.