Korean webhosting company pays $1 million to recover files from ransomware attack

Posted 20 June 2017 17:36 CEST by Jan Willem Aldershoff

The Korean hosting company Nayana has decided to pay a ransom of $1 million after being infected by the Erebus ransomware, that targets Linux servers. The malware encrypted 153 servers and 3,400 business websites, according to Japanese antivirus vendor Trend Micro.

The cybercriminals behind the ransomware demanded 550 Bitcoin ($1.62 million) to decrypt the computers. The company told the attackers they were unable to pay the ransomware and eventually they negotiated to pay 397 Bitcoin ($1 million) that would be paid in parts.

Meanwhile the first amount has been paid and Nayana has been able to recover dozens of servers. The entire process of decryption can take more than 10 days, according to the hosting company.

It’s unclear how the servers could be infected. Trend Micro writes about that, “as for how this Linux ransomware arrives, we can only infer that Erebus may have possibly leveraged vulnerabilities or a local Linux exploit.”

Myce.com settings

Several settings at Myce.com can be changed, they are stored in cookies, which means they will be reset if you clear Myce.com cookies


Change the background to a plain color or trianglified image (similar to the default image)

No tracking features

At Myce most social media feature are done server side and impose no privacy risk to the visitor when not used. Several features use Javascript with you can turn off here


Switch to the List layout for an index with chronologycally listed news items or Grid layout for a block based layout. To see the change you need to reload the page