​Korean web host hands over 1 billion won to ransomware crooks

Web hosting company Internet Nayana is paying a hacker 1.3 billion won in bitcoin after its servers were hijacked by a ransomware attack.
Written by Cho Mu-Hyun, Contributing Writer

Korean web hosting firm Internet Nayana has agreed to pay hackers 1.3 billion won ($1.14 million) worth of bitcoins to a hacker following a ransomware attack.

Nayana was attacked on June 10, and notified the Korea Internet and Security Agency (KISA), the nation's online watchdog.

Security firm Trend Micro said the hackers used Erebus ransomware, with 153 out of Nayana's 300 servers hit, taking out thousands of websites with them.

According to KISA, around 3,400 homepages hosted by the firm were affected.

The hacker put a password on the original data and the back-up, blocking Nayana from recovering. The hacker first demanded 826.2 bitcoins, or 2.7 billion won, then lowered the ransom to 550 bitcoins, or 1.8 billion won.

The company announced that it had agreed to pay a total of 1.3 billion won to recover the servers. It paid the hacker in three installments, with an initial 400 million won on the same day to get the key for the passwords.

It said it will get the cash by lending its shares to a firm which has previously offered to acquire Nayana.

The hacker has provided the key to recover 50 out of the 153 servers. The company said it expects to recover 90 percent of the servers by the end of the month.

Last month, WannaCry ransomware attacks swept 150 countries, but few victims have paid up.

Editorial standards