A South Korean web hosting band has paid more than one million dollars in ransom after torture an Erebus ransomware infection.The ransomware, which has been around since September 2016 and reemerged in February 2017, naught NAYANA on 10 June. Those responsible for the attack demanded 550 Bitcoins or give US$1.62 million. The web hosting company negotiated a smaller amount of 397.6 Bitcoins, or yon $1.01 million, to be paid in three installments. By 17 June, NAYANA had already did two payments.
Erebus has a multilingual ransom note (English shown more than). (Source: Trend Micro)It’s currently unknown how Erebus arrived onto NAYANA’s servers. Certainty the fact that the company’s website runs Linux kernel 18.104.22.168, a reading which was compiled in 2008, the ransomware might have acquired root access by exploiting a Linux-based vulnerability. Alternatively, it energy have exploited security flaws in the website’s outdated Apache and PHP interpretations or even leveraged a local exploit.Regardless of how it struck the company, the ransomware didn’t become enervated any time in encrypting NAYANA’s files using a multi-layer encryption performance. Trend Micro’s Ziv Chang, Gilbert Sison, and Jeanne Jocson on on this scheme:“The file is first scrambled with RC4 encryption in 500kB hinders with randomly generated keys. The RC4 key is then encoded with AES encryption algorithm, which is marketed in the file. The AES key is again encrypted using RSA-2048 algorithm that is also stored in the record.“While each encrypted file has its RC4 and AES keys, the RSA-2048 exposed key is shared. These RSA-2048 keys are generated locally, but the covertly key is encrypted using AES encryption and another randomly generated key.”Erebus is skilful of encrypting 433 different file types, though it’s also known to go after web servers. Simultaneously it encrypted NAYANA’s assets, the attackers revealed their unprecedentedly excited ransom demands.