Linux not immune to ransomware – web-host pays a whopping 1 million dollars to get the data back
Nayana, a South Korean based web hosting company, was reportedly struck with, what it appears to be the most expensive ransomware attack to date. On June 10th, the ransomware variant, Erebus, infiltrated and effectively infected 153 unpatched Linux servers running a vulnerable kernel version 2.6.24.2. and dated version of Appache. Hackers were able to access to encrypt files of over 3,400 business websites hosted by the webhost.
As reported by Security Week, the initial ransom amount was set for 550 bitcoins, which was later negotiated down to to 397.6 Bitcoins (around $1.01 million). The company announced it is making the three payments to the cyber criminals to meet the ransom demands. Upon receiving the payment, the cyber criminals are to release the decryption keys to the servers affiliated with the payment. So far, two payments have been made, and Nayana is working to decrypt the impacted websites.
Reports are suggesting this particular ransomware variant has been targeting South Korea. Although, a handful of other countries have seen it infect systems as well.
The Erebus malware is known to infect and encrypt a myriad of types of files and databases. However, it appears its primary target is web unpatched web servers and ultimately the content they serve.
One would ask, what happened to data backup and were there any business continuity plans in place to cope with such attack? Quite an eye-opener, eh?