Servers belonging to a South Korean web hosting company were infected by the Erebus ransomware and attackers demanded more than $1 million to decrypt the affected files.
A total of 153 NAYANA servers were affected by the ransomware, which in turn impacted more than 3,400 business websites that the company hosts, according to security researchers at Trend Micro.
In a notice published by the company, NAYANA shared the news of the attack, as well as the ransom of 550 Bitcoins (BTC) that attackers demanded. The company was able to negotiate a payment of 397.6 BTC (roughly $1.01 million) to be paid in installments.
“On June 18, NAYANA started the process of recovering the servers in batches,” Trend Micro researchers wrote in a blog post.
Erebus was first spotted by security experts in malvertising campaigns in September 2016.