▲ The screen attacked by Erebus Ransomware.
Recently, one of well known web hosting company in Korea suffered huge damage due to Ransomware. This incident was the first time a Korean hosting company has been infected, even though individual or individual companies have been infected with Ransomware.
Let's first look at the case history.
On Saturday, June 10, the hosting server was infected with Ransomware called Erebus. Erebus is primarily Ransomware targeting Windows, but it is known to use the variant Erebus to target the Linux servers used by the hosting company.
The hosting company noticed that it was attacked immediately after the infection, took necessary measures to recover but failed, and eventually announced the damage announcement. The infected was the hosting company's web server and 153 backup servers, and about 10,000 damage websites were reported. Among them, the agency agency that produces and manages the website is included, and the number of damages is expected to be larger.
The next day, June 11, the hackers presented their requirements. The hosting company tried to solve the problem through the Internet Promotion Agency and Governmnet Cybercrime Unit, and raised the negotiation fee. At this time, 5,000 subscribers' homepages, which are already half of the 10,000 customers, have been unable to access or have been transformed into Ransomware-damaged sites. It is said that it required about 17 million won to solve Ransomware individually! I have been asking about 5 billion won for hosting company ...
According to hosting company representative, hackers posted
The hosting company has released all of the hackers' requirements where they m-sionand the hacker's fear of the hackers has been felt once again by opening the mailing text mentioning family, salary and loan.
To tell the truth, it seems that the hosting company did not pay much attention to security. The hosting company said they backed up their users' data with a double backup, but in fact they were infected with both internal and external backup data.
Eventually, on June 14, the hosting company, worried about the increase in number of victims, has agreed with the hackers at a1.3 billion won through negotiation. The company has to be sold in order to cover the cost.
There are two main points in this case.
First, not only individual websites, but also web hosting companies are exposed.
The hosting company is essential to run a website. And if hosting company is compromised, this means that the foundation of our internet business is dangerous.
The second is that more ransomware might target Korea.
The victims of this attack are not simply hosting companies, but also a host other internet management companies. To minimize this damage, the hosting company has agreed with the Ransomware attacker. Although the decision to pay for the ransomeware was to contain the damage, this might also sent a message to the world that Korea is vulnerable, and yet profitable target to the hackers around the globe.