Webhost NAYANA hit by ransomware

  • Thread starter
  • Moderator
  • #1


Apocalypse Admin
Jun 29, 2008
A korean webhosting named NAYANA had its Linux systems breached and locked down with a ransomware. The hackers demanded 1 million dollars to be paid in Bitcoin, most of which it did.
According to reports, the company was running really ancient software with known security vulnerabilities (its website ran Apache version 1.3.36 and PHP version 5.1.4, both of which were released back in 2006).

On June 10, South Korean web hosting company NAYANA was hit by Erebus ransomware (detected by Trend Micro as RANSOM_ELFEREBUS.A), infecting 153 Linux servers and over 3,400 business websites the company hosts.

In a notice posted on NAYANA’s website last June 12, the company shared that the attackers demanded an unprecedented ransom of 550 Bitcoins (BTC), or US$1.62 million, in order to decrypt the affected files from all its servers. In an update on June 14, NAYANA negotiated a payment of 397.6 BTC (around $1.01 million as of June 19, 2017) to be paid in installments. In a statement posted on NAYANA’s website on June 17, the second of three payments was already made. On June 18, NAYANA started the process of recovering the servers in batches. Some of the servers in the second batch are currently experiencing database (DB) errors. A third payment installment is also expected to be paid after the first and second batches of servers have been successfully recovered.

While not comparable in terms of the ransom amount, this is reminiscent of what happened to Kansas Hospital, which didn’t get full access to the encrypted files after paying the ransom, but was instead extorted a second time.

Rest of report here.


Dec 9, 2011
Now they get to serve as a great example of how to compromise your data by not updating your server software.

It's almost (almost!) as if they deserved some punishment for running software that old.


Aug 26, 2010
I saw this story earlier today and it doesn't seem to add up. According to what I've read elsewhere they had 153 Linux servers that catered for 3,400 customers. I find it unlikely a company that small would have $1m to hand over on the off chance they might get the data back.