South Korean firm's 'record' ransom payment Published duration 20 June 2017

image copyright Webroot image caption Ransomware known as WannaCry recently infected hundreds of thousands of computers around the world

South Korean web-hosting firm Nayana has agreed to pay a $1m ransom to unlock computers frozen by hackers.

It is believed to be a record amount, although it is worth noting that many ransom payments are never made public.

Nayana's chief executive revealed that the hackers initially asked for $4.4m, payable in bitcoin.

Security experts warned that firms should not pay such ransoms or enter into negotiations with hackers.

Angela Sasse, director of the Institute in the Science of Cyber-Security, said that she was surprised both by the size of the ransom and that the firm went public about paying.

"This is a record ransom from what I know, although some will have paid and not gone public.

"It could be that it had to disclose the amount under the South Korean regulatory structure or it could have been done out of a sense of public duty," she said.

"From the attackers' point of view, they might have preferred that the firm kept quiet. It is such a large ransom that it might spur a lot of companies to look more carefully at their security."

Bankrupt

The ransomware - known as Erebus - targeted computers running Microsoft Windows and was also modified so a variant would work against Linux-based systems.

It appears that Nayana entered into negotiations with the hackers, lowering the fee from $4.4m to less than $500,000 although at the last minute, the hackers doubled the negotiated amount to $1m.

They are believed to have encrypted data on 153 Linux servers and 3,400 customer websites.

An update posted on Saturday said that engineers were in the process of recovering data but added that it would take time.

Nayana's chief executive apologised for the "shock and damage" of the incident.

In an earlier statement, he said that the attack had hit his bank balance.

"Now I am bankrupt. Everything I've been working on for 20 years is expected to disappear at 12:00 tomorrow."

Ms Sasse said that ransomware attackers had grown much bolder in recent years.

"Two years ago, they tended to target individuals or smaller businesses believing that they would have less good security measures but they have found that they can get bigger targets and the pay-off is much larger. It is a lucrative business."