South Korean web hosting company infected by Erebus ransomware

Nayana, a web hosting company in South Korea, suffered a ransomware attack over the weekend which resulted in more than a hundred Linux servers and thousands of websites being infected with Erebus ransomware. The initial ransom amount was astronomically high.

Yesterday, I came across the news that a South Korean web hosting company had been infected by ransomware, but it was extremely short on details. The ransomware was Erebus; the attack occurred on Saturday and thousands of sites were reportedly infected.

Today, Aju Business Daily provided more details. Nayana reportedly said 153 of its Linux servers were infected with Erebus. In turn, about 3,400 sites on the web hosting company’s servers were also infected.

Back in February, Bleeping Computer’s Lawrence Abrams wrote about Erebus. The ransomware uses a User Account Control (UAC) bypass method to run at higher privileges without alerting the user.

Leave a Reply

Your email address will not be published. Required fields are marked *