A South Korean web host has paid hackers over $1 million to retrieve encrypted files, a number of sources have reported. The payment, made in Bitcoins, ended a period of 8 days when the company was unable to operate. According to reports, over 150 of the company’s servers were infected, impacting around 3,500 predominantly South Korean small businesses that hosted their websites with the company.
The incident was reported on the website of
NAYANA who suggested the attack leveraged Erebus Ransomware to make the attack. The hackers required the company to pay 550 Bitcoins to retrieve the files, but after negotiations with the hackers, paid around 400 Bitcoins in three instalments.
Erebus is usually introduced through infected email attachments and links to malware in emails, highlighting the importance of not responding to emails where the sender is not known. Erebus encrypts a range of media using the RSA-2048 algorithm. Files are then given a ‘.ecrypt’ extension before a demand for payment is made. File decryption is not possible without receiving required RSA keys.
Were you impacted by this attack? Let us know the details. Add your comments below.
