Ransomware has been seeing an increasing amount of interest in the tech world, motivated not only by the increase in number and severity of attacks, but also by the fact that some companies do elect to pay the demands. In this case, Nayana, a South Korean web hosting provider, announced it is in the process of paying a three-tier ransom demand of nearly $1 million worth of Bitcoin. This decision comes following a ransomware infection that encrypted data on customer' servers. The company said 153 Linux servers were affected, servers which stored the information of more than 3,400 customers.The attackers initially asked for a ransom payment of 550 Bitcoin, which was worth nearly $1.62 million at the time of the request. After negotiating, the final amount came to 397.6 Bitcoin, which amounted to roughly $1 million at the time (Bitcoin is currently at $2744.56, so right now, those 397.6 Bitcoin are worth roughly $1.1 million dollars). The company has already paid two of the three payment tranches, and expects the decryption operation to take up to ten days due to the vast amount of encrypted data. If the data is liberated at all, that is, which can't really be counted upon, now can it?This is just another case of Bitcoin being used as a payment method for this kind of ransoms. Cryptocurrencies are much harder to track than usual fiat currencies, take up a lot less space, and are increasing in value at an astounding pace (having recently reached a total of $100 billion dollars market cap. The ransomware was achieved through Erebus, and the ransom note stated that all files would be deleted in 96 hours should the ransom not be paid.A TrendMicro report puts the blame on Nayana's security practices and software infrastructure, since "NAYANA's website runs on Linux kernel 2.6.24.2, which was compiled back in 2008. [...] Additionally, NAYANA's website uses Apache version 1.3.36 and PHP version 5.1.4, both of which were released back in 2006. Apache vulnerabilities and PHP exploits are well-known;[...]. The version of Apache NAYANA used is run as a user of nobody(uid=99), which indicates that a local exploit may have also been used in the attack." You should go on and read the report (in sources), since it does provide an interesting read that sheds some light on what exactly happened here.