The Implications of a $1M Ransom

- June 21, 2017

One of the highest ransoms paid to date may foreshadow increased demands from ransomware attackers. Nayana, a South Korean web hosting company, revealed in a blog post last week that the company experienced a ransomware attack that encrypted data on 153 Linux servers and around 3,400 websites.

The ransom demanded by the attackers started at 5 billion Won (the South Korean currency), or $4.37 million in bitcoin. Nayana negotiated the ransom down to $1 million and paid to have data restored.

Ars Technica reports that a company representative described the data restoration process as “frustrating and difficult,” as one could imagine. In a blog post on Saturday, the company said that engineers were in the process of restoring data.

The trend of ransomware hitting critical business and infrastructure operations has only increased in recent months. Police departments, energy and transportation infrastructure companies, schools and universities, hospitals, manufacturers and many other businesses have been hit with ransomware to varying degrees of crippling effect. Many organizations have not paid the ransom, but many also have.

Ransomware actors have to this point struck a balance: not charging so much that victims are discouraged from paying, but charging enough to make money from their operations.

This new $1 million high-water mark may prove a troubling one for businesses that have not properly prepared to fend off and recover from an attack. Some previous attacks, like the Hollywood Presbyterian Hospital incident, show that attackers sometimes do not fully understand the critical nature of their victims. Hackers in that case originally requested $3.6 million and settled for a payment of $17,000.

It was also reported this week that automobile manufacturer Honda was hit with the WannaCry ransomware attack, which crippled production in one of its manufacturing locations in Japan. This happened despite Honda’s efforts to secure its networks following WannaCry’s original outbreak in May.

And just last week, merchants were discovered on the dark web peddling Mac ransomware-as-a-service packages called MacSpy and MacRansom, though initial research indicates these variants are likely the work of amateurs.

With how advanced ransomware is becoming and this new high in ransom demands, security business leaders agree that the ransomware issue is likely to get worse before it gets any better.