South Korean Web Hosting Company hit by Erebus Ransomware


South Korea-based web hosting company named NAYANA has been hit by Erebus ransomware downing more than 153 Linux based servers and more than 3,480 websites hosted by the web services provider. 

As per the official reports available to us, hackers are demanding an astronomical price as ransom in exchange for the decryption key. But the staffs of the web hosting company are reluctant to pay the amount as they have another plan in mind to counter this issue.
South Korean news resource, Aju Daily, reported that Erebus uses a User Account Control (UAC) bypass method to run at advanced privileges without warning the user.

Aju Daily added in its technical explanation that Erebus abuses event viewer which runs at elevated privileges so that the event viewer launched Erebus with the same privilege. Thus, the developers of Erebus can run UAC Bypass program without the need of any higher privileges. Erebus then copies itself to a randomly named file and modifies Windows registry to hijack the association of .msc file extension so that Erebus takes its place and executes itself.

As per the reports available from Aju Daily, Erebus spreading hackers/developers are demanding 10 bitcoins to free the web hosting provider’s database from the malware.

However, another news resource from South Korea has updated our sources that the hackers have lowered the ransom to 5.4 bitcoins on request made by the Nayana’s technology head.

The web hosting company has informed Korea’s Internet and Security Agency along with the state police department about the cyber attack and is thinking to launch a special investigation on this issue.

Some anonymous sources from NAYANA reported that the hosting provider is thinking to rely on its backups and is planning to find a way to regain control on the infected servers with the help of state and international security experts.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display