Erebus Linux Ransomware Attacks South Korean Firm, Pays $1M Ransom!
The day of June 10 was not a very fortunate day for South Korean web hosting company NAYANA, which was attacked by ransomware named as Erebus ransomware. The attackers not only succeeded in hacking 150 of its Linux servers but also infected 3,400 of the business websites the company hosts. Eventually, the company lost a huge amount of its data to these hijackers. This is bigger than the WannaCry Ransomware attack which was trending last month!
Following these events, the attackers demanded 550 bitcoins worth US$ 1.62 million in order to decrypt the hacked files. According to Trend Micro, a Hosting firm Nayana, after seven days of negotiation, the company managed to settle a payment of 397.6 Bitcoins worth US$1.01 Million which was to be paid in three installments. The first two installments have been paid, but the company is unable to recover some of its data from the second batch as was expected by the web hosting company after the second installment. After the recovery of the first and second batch of data, the company will further proceed to pay the third.
But this is just a little to what happened to Kansas Heart Hospital, which was hit by the same ransomware. The hospital was unable to access the encrypted files, even after paying the full ransom amount. The attackers are also demanding more extortion which the Hospital has refused to pay.
Linux Hosting Servers Hacked by Erebus
First, hit in 2016, the ransomware has emerged again in 2017. So far, what we know about the ransomware, Erebus, is that it uses a method that helps it circumvent Windows’ User Account control. Leveraging on local exploits, we can say that the ransomware is targeting on Linux vulnerabilities. Another thing to notice here is the ransomware is not widespread but targeted; highly concentrating over South Korea.
We also do know what types of files the Erebus ransomware is targeting. These can be office database, documents, archives, etc. Although Unix and Linux OS are just a minority in the market, they are remunerative for cyber criminals. And since they are used by many big and small companies, a single vulnerability may large affect the whole network.
The risks are always there and there is no guaranty of being completely safe. And that’s why the best way against such malware and ransomware is to have a great defense that runs deep into your systems.
Here are some tips and measures you should use to be safe against such attacks:
- Back you data
- Disabling third party or unverified sources
- Principle of least privilege
- Regularly checking your network security
- Regular security check
- IP filtering
- Applying good detection systems
- Network segmentation
These are just the basic things which might defend you against mighty Anti-Virus or Malware but it can’t be assured that it will prevent 100% from Ransomware. So read this guide to know how to prevent ransomware penetrating in your system and you can use free decryptor tools provided by Avast to remove ransomware if it’s already in your system.