Victim Pays $1M in Ransom After 153 Linux Servers Became Infected

Linux is not immune — 153 infections leading to 3,400 websites down

The largest ransomware payout in history is taking place at this very moment.  Nayana, a web hosting company located in South Korea, was hit with ransomware on June 10th.  The ransomware variant, Erebus, successfully infiltrated 153 Linux servers, allowing the cyber criminals access to encrypt over 3,400 business websites hosted by Nayana.

According to Security Week, the initial ransomware request was for 550 bitcoins, or roughly $1.6M USD.  However, after negotiations, it was agreed Nayana would pay 397.6 bitcoins.  This converts to approximately $1.01M USD.  The company is making the three payments to the cyber criminals to meet the ransom demands.  Upon receiving the payment, the cyber criminals are to release the decryption keys to the servers affiliated with the payment.  So far, two payments have been made, and Nayana is working to decrypt the impacted websites.

Reports are suggesting this particular ransomware variant has been targeting South Korea.  Although, a handful of other countries have seen it infect systems as well.

Overall, Erebus is able to infect and encrypt hundreds of types of files and databases.  However, it seems as though its primary target is web servers and the content held within them.  After this massive payday — anyone can see why.

10,243 total views, 1 views today

(Visited 1 times, 1 visits today)

12 thoughts on “Victim Pays $1M in Ransom After 153 Linux Servers Became Infected

    • @John: yes, John, as you say, “Perhaps…” I am not going to get into a flame war here, but seems to me it is no myth. How often have you heard of Linux systems being infected or broken into, compared to oh, say, Windows systems? I have always felt the biggest advantage Linux had was not just the system but the fact that its user base was small and almost totally security-conscious and concerned geeks. I would not be surprised to hear in this case, and I know nothing beyond the article above, that access came from loose password protection. That, after all, is apparently what allowed the Russians access to the Democratic Nat computer system.

  1. It would seem these larger and vulnerable companies are not securing their properties and those business sites they host. Why would they operate to make themselves vulnerable?
    If I were the executives making such decisions and whose jobs may be at risk after these huge payouts, I would recommend them to communicate quickly with PC-Matic and pay them to design a protecting system for their product. It would seem this would be prudent and less expensive than paying out $1.1 million this time and perhaps more in the future.

  2. I have spent quite some time trying to activate free PCMatic. I keepgetting a message that I am unproctected, even after running the initial scan, and also that I’m unlicensed.

    • Dave, please try logging out by clicking the log out button in the top right corner of the program, and then log in using the email address you used for purchase. If you continue to see unlicensed, please reach out to our support team at

  3. So much for all those US Army ads about how they protect against these types of intrusions. Also where is our vaunted FBI, CIA,NSA in protecting against these attacks. They seem to be very good at even getting Putin’s specific directions on messing with the 2016 election and storing all my e-mails. Just maybe they should stop the stupid vaccumning up of individual information and protect their programs from being stolen and then used in ransomware attacks.

  4. Ransomware has hit Speed cameras in Melbourne Australia. Over 540 fines relating to red light and speed have been scrap because of this cyber attack.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.