Web Hosting Company Pays $1 Million Ransom
 
Posted by: Timothy Weaver on 06/19/2017 02:22 PM 
 
Nayana, a South Korean web hosting company, was hit with ransomware and knuckled under, agreeing to pay the $1 million in ransom.
The attack was pervasive, hitting 153 Linux servers and encrypting over 3,400 business websites. The hackers originally demanded 550 Bitcoins (over $1.6 million), but after negotiations, Nayana agreed to pay 397.6 Bitcoins (around $1.01 million).
The hackers agreed to three payments with decryption following suit. The company is currently in the process of recovering the data from the first two server batches.
Trend Micro analyzed the malware and determined it to be Erebus. They also discovered that Nayana is using outdated platforms: Linux kernel 2.6.24.2, which was compiled back in 2008, and Apache version 1.3.36 and PHP version 5.1.4, both released in 2006.
Erebus can encrypt 433 file types, targeting Office documents, databases, archives, and multimedia files. It was also built specifically to hit web servers and the data stored on them.
Trend Micro concludes: “As exemplified by Nayana, Linux is an increasingly popular operating system and a ubiquitous element in the business processes of organizations across various industries—from servers and databases to web development and mobile devices. Data centers and hosting/storage service providers also commonly use machines running Linux, for instance.”
Source: Security Week