South Korean web hosting firm, Nayana, has set a new record in terms of highest paid ransom demand.

The web host was hit by a ransomware attack on June 10 at 1:30 a.m., encrypting 152 of the company’s Linux servers. All Nayana customers are said to be impacted by the attack that compromised web hosting, hosting databases, and multimedia files.

Trend Micro says the ransomware is the Erebus variant which first appeared in September 2016 through malvertisements, or malicious advertisements. It’s believed that organizations within South Korean are the main target of this campaign.

Nayana reportedly was running several outdated systems carrying known vulnerabilities, providing attackers with an easy route for infection. Nayana claims, “We tried to recover the backed up data. But we found that both the internal backup and the external backup were infected with ransomware and all were encrypted.”

The hackers originally demanded 10 bitcoins per crypto-locked Linux server. Nayana was able to negotiate the asking price down to 5.4 bitcoins per server, worth about $1 million. The payment to the hackers was made in three installments, the last of which was sent just today.

Trend Micro conducted an analysis of the ransomware and found that it employs the RSA algorithm to encrypt AES keys, the files have individual files that have been encrypted using unique AES keys, and the ransomware is designed, like most, to be tough to eliminate.  The ransomware uses two persistence mechanisms, including adding a fake Bluetooth service to ensure the ransomware is executed after the systems/server is rebooted and also employs a Unix cron, a utility in Unix-like operating systems that schedules jobs via commands or shell scripts to check hourly if the ransomware is running.

It’s important that your organization takes the necessary steps to defend against a ransomware attack. Ensure that all systems are patched and up-to-date, always back up critical files offline, and apply the ‘principal of least privilege’ when possible.

In addition, every organization should have a hardened Windows build standard, a hardened Linux build standard, a hardened SQL Server/Oracle database build standard, a hardened firewall standard, etc. However, determining what is an appropriate server hardening policy for your environment will require detailed research of hardening checklists and then an understanding of how this should be applied to your operating systems and applications.

All governance, regulatory and compliance standards such as NIST SP 800-53, SOX, NERC CIP, ISO27001, PCI DSS, DISA STIG and HIPAA all call for strong cybersecurity defenses, with a hardened build standard at the core. This is maintained using file integrity monitoring to highlight any significant changes or 'drift'.


Request The FREE NNT Ransomware Mitigation Kit

Read this article on Data Breach Today


The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)

[email protected]

United Kingdom

5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023

 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.