6.23.2017

Record $1 Million Payed to Ransomware

South Korean Firm Gives in to Demands


A South Korean web-hosting firm has paid out a record $1 million to ransomware. The company in question, Nayana, revealed that the attackers initially asked for $4.4 million in bitcoin, but managed to haggle it down to less than a quarter of the amount.

Ransomware is on the rise, no doubt in part to the publicity it has been getting. Some companies have payed ransomware makers without going public, so who knows whether $1 million is really a record. Ironically, the spread of the internet and social media has created almost a valid business model for hackers, requiring a degree of trust. Failing to unencrypt a victim's data could stop anyone else from paying their demands.

“Some companies have payed ransomware makers without going public, so who knows whether $1 million is really a record.”

The particular ransomware in this case is called Erebus. Originally, the virus affected Windows machines, but has been modified to affect Linux systems. It is believed the ransomware encrypted data on 153 Linux servers and 3,400 customer websites.

Nayana posted an update Saturday saying they were in the process of recovering data, but that it would take time. The company’s chief executive apologized for the “shock and damage” stemming from the event. 

Despite warnings from security experts not to pay ransoms, many multi-million dollar firms will gladly pay rather than lose hours or days of production. For some firms, a single hour could be worth hundreds of thousands of dollars. With the potential of multi-million dollar payouts now a reality, companies will have to take a good long look at their security.