A web hosting company has agreed to pay 1 million dollars in bitcoins to hackers who managed to infect its 153 Linux servers with ransomware, encrypting 3,400 websites and all the data they hosted.
According to a blog post by the South Korean web hosting company NAYANA, the incident occurred on June 10, when the ransomware hit its hosting servers. The attacker or attackers originally demanded 550 bitcoins (over 1.6 million dollars) to unlock the encrypted files.
However, the company negotiated with the criminals and agreed to pay 397.6 bitcoins (about 1.01 million dollars) in three installments to decrypt its files.
The web hosting company has already paid two installments and will pay the last installment after recovering data from two-thirds of its infected servers.
According to the security company Trend Micro, the ransomware used in the attack was Erebus, which first appeared last September and was updated in February this year with User Account Control bypass capabilities.
The hosting servers were running the Linux 2.6.24.2 kernel, and researchers believe that the Erebus Linux ransomware was able to use known vulnerabilities such as Dirty COW.
"Web hosting company NAYANA uses Apache version 1.3.36 and PHP version 5.1.4. Both were released in 2006."
Erebus, a ransomware that primarily targets users in South Korea, encrypts Office documents, databases, and media files using the RSA-2048 algorithm. It then adds the .ecrypt extension to the encrypted files before displaying the ransom note.
According to the analysis conducted by Trend Micro researchers, decryption of infected files is not possible without the RSA keys.
To repeat once again: the only safe way of dealing with ransomware attacks is prevention. The best defense against ransomware is user training as well as backups.
Most malicious software strikes when you open infected attachments or click on malicious links, which usually arrive in emails.
Make sure your systems run on the latest available version.