A web hosting company has agreed to pay 1 million dollars in bitcoin to hackers who managed to infect its 153 Linux servers with ransomware, encrypting 3,400 websites and all the data they hosted.
According to a blog post from the South Korean web hosting company NAYANA, the incident occurred on June 10, when the ransomware hit its hosting servers. The attacker or attackers originally demanded 550 bitcoins (over 1.6 million dollars) to unlock the encrypted files.
However, the company negotiated with the criminals and agreed to pay 397.6 bitcoins (about 1.01 million dollars) in three installments to decrypt its data.
The company has already paid the first two installments and will pay the last one once the data on two-thirds of its infected servers has been recovered.
According to security company Trend Micro, the ransomware used in the attack was Erebus, which first appeared in September and was updated in February this year with the ability to bypass User Account Control.
The hosting servers were running Linux kernel 2.6.24.2, and researchers believe the Linux variant of Erebus was able to exploit known vulnerabilities such as Dirty COW.
"The NAYANA Web Hosting Company uses Apache 1.3.36 and PHP version 5.1.4. Both of them were released in 2006."
Erebus is a ransomware family that primarily targets users in South Korea. It encrypts Office documents, databases, and media files using the RSA-2048 algorithm, then appends the .ecrypt extension to the infected files before displaying the ransom note.
According to the analysis by Trend Micro researchers, decrypting the infected files is not possible without the RSA keys.
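The one host-side indicator the report gives is the ".ecrypt" extension Erebus appends to files it has encrypted. The script below is an added example, not code from the article or from Trend Micro: it sweeps a directory tree, counts how many files in each directory carry that extension, and flags directories where the share of encrypted files passes a threshold, which is how an operator monitoring a shared hosting server would notice a mass-encryption event in progress. The sample tree is constructed for the demonstration, and the 50% alert ratio is an assumed policy value.

```python
"""Sweep a tree for files renamed with the Erebus ".ecrypt" extension and
flag directories that look mass-encrypted. Added example; the sample tree
and the alert ratio are constructed/assumed, not taken from the report."""
import os
import tempfile

ENCRYPTED_EXT = ".ecrypt"   # extension Erebus appends, per the report
ALERT_RATIO = 0.5           # assumed policy: alert at >= 50% encrypted files in a directory


def scan_tree(root):
    """Return {directory: (encrypted_count, total_files)} for every directory under root."""
    stats = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        total = len(filenames)
        encrypted = sum(1 for name in filenames if name.lower().endswith(ENCRYPTED_EXT))
        stats[dirpath] = (encrypted, total)
    return stats


def flag_directories(stats, ratio=ALERT_RATIO):
    """Return the sorted directories whose encrypted share meets or exceeds ratio."""
    flagged = []
    for dirpath, (encrypted, total) in stats.items():
        if total and encrypted / total >= ratio:   # skip empty directories
            flagged.append(dirpath)
    return sorted(flagged)


def build_sample_tree():
    """Constructed sample: one untouched site and one whose files were renamed."""
    root = tempfile.mkdtemp(prefix="erebus_demo_")
    healthy = os.path.join(root, "site_a", "public_html")
    hit = os.path.join(root, "site_b", "public_html")
    os.makedirs(healthy)
    os.makedirs(hit)
    for name in ("index.php", "logo.png", "notes.docx"):
        open(os.path.join(healthy, name), "w").close()
    # Three of four files in the hit directory carry the extension; README.txt
    # stands in for a dropped note that the malware leaves unencrypted.
    for name in ("index.php.ecrypt", "logo.png.ecrypt", "db.sql.ecrypt", "README.txt"):
        open(os.path.join(hit, name), "w").close()
    return root, healthy, hit


def demo():
    """Build the sample tree, scan it and print alerts; returns data for checking."""
    root, healthy, hit = build_sample_tree()
    stats = scan_tree(root)
    flagged = flag_directories(stats)
    for dirpath in flagged:
        encrypted, total = stats[dirpath]
        print(f"ALERT {dirpath}: {encrypted}/{total} files carry {ENCRYPTED_EXT}")
    return stats, flagged, healthy, hit


if __name__ == "__main__":
    demo()
```

On a real server the same `scan_tree` would be pointed at the document root of each hosted site and run from cron or a file-integrity job; the ratio rather than a raw count keeps small sites from being missed and large sites from alerting on a single stray file.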
Let's say it once again: the only safe way to deal with ransomware attacks is prevention. The best defense against ransomware is user training together with backups.
Most malware strikes when you open infected attachments or click on malicious links, which usually arrive by email.
Make sure your systems run the latest available software versions.
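The versions quoted in this story (kernel 2.6.24.2, Apache 1.3.36, PHP 5.1.4) would all fail a simple minimum-version audit, which is the practical form of "run the latest available version". The script below is an added example, not code from the article: it parses version strings as they appear in command output such as `uname -r`, `httpd -v` or `php -v`, compares them field by field against a baseline, and reports every component that falls below it. The baseline numbers are an assumed organizational policy, not vendor support data, and the inventory is constructed from the versions named in the report.

```python
"""Audit an installed-software inventory against a minimum-version baseline.
Added example; BASELINE is an assumed policy and INVENTORY is constructed
from the versions the report names."""
import re

# Assumed policy: the oldest version of each component still acceptable.
BASELINE = {
    "linux-kernel": "4.4.0",
    "apache": "2.4.0",
    "php": "7.0.0",
}

# Constructed inventory in the shape the usual commands print it,
# using the versions quoted in the report.
INVENTORY = {
    "linux-kernel": "2.6.24.2",                              # uname -r
    "apache": "Server version: Apache/1.3.36 (Unix)",        # httpd -v
    "php": "PHP 5.1.4 (cli) (built: Jun  1 2006)",           # php -v
}


def parse_version(text):
    """Extract the first dotted number in text as a tuple of ints, e.g. (1, 3, 36)."""
    match = re.search(r"(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_below(installed, minimum):
    """True when installed < minimum, comparing numerically field by field."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))   # pad so that 2.4 compares equal to 2.4.0
    b += (0,) * (width - len(b))
    return a < b


def audit(inventory, baseline=BASELINE):
    """Return {component: (installed_text, minimum)} for every component below baseline."""
    findings = {}
    for component, installed in inventory.items():
        minimum = baseline.get(component)
        if minimum is None:
            continue   # component not covered by the policy
        if is_below(installed, minimum):
            findings[component] = (installed, minimum)
    return findings


if __name__ == "__main__":
    for component, (installed, minimum) in audit(INVENTORY).items():
        print(f"BELOW BASELINE {component}: {installed!r} < {minimum}")
```

Numeric tuple comparison matters here: a string comparison would rank "2.6.24.2" above "10.0.0", and a check that only looks at the major version would pass a 2.4-series kernel against a 2.6 floor. Feeding the script live output from the host's own commands turns it into the patch-level check this kind of incident calls for.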