A web-hosting service in South Korea has agreed to pay about US$1.1 million worth of ransom to unlock computers frozen by hackers.
Media have reported it as a record sum among publicly known cases of ransomware, though many firms choose not to report being held to ransom for concerns over company reputation and other factors.
The web-hosting firm, Nayana, was attacked on 10 June and notified the Korea Internet and Security Agency (KISA), South Korea's Internet watchdog. 153 out of 300 Nayana servers were hit, taking out thousands of websites with them, said cybersecurity firm Trend Micro.
According to KISA, an estimated 3,400 websites hosted by the firm were affected.
The hackers locked the original data and back-up, which prevented Nayana from seeking recovery. At first, they demanded 826.2 bitcoins (US$2.0 million), then lowered the ransom to 550 bitcoins (US$1.6 billion). The company then announced that it had agreed to pay a total of KRW1.3 billion (US$1.1 million) to recover the servers, said a ZDNet report.
This amount was paid in three installments, with an initial KRW400 million on the same day to get the password keys. The hacker has provided the key to recover 50 out of the 153 servers. The company said it expects to recover 90% of the servers by the end of the month.
In a blog post on Nayana’s website, its CEO said that the firm will get the cash by lending its shares to a firm which has previously offered to acquire Nayana, because it only had KRW400 million on hand.
Since paying up, Nayana is still attempting to restore operations back to normal. Some of its customers still do not have their websites back online, though the hosting company has been providing regular updates on its own site. The latter was updated on Saturday to say that engineers were in the process of recovering the data. The post cautioned that the recovery was difficult and would take time.
Nayana’s CEO had said prior to payment: "Now I am bankrupt. Everything I've been working on for 20 years is expected to disappear at 12:00 tomorrow," reported the International Business Times.
Ms Angela Sasse, director of the Institute in the Science of Cyber-Security quoted in the BBC, said that she was surprised both by the size of the ransom and that the firm went public about paying.
"It could be that it had to disclose the amount under the South Korean regulatory structure or it could have been done out of a sense of public duty," she was quoted as saying. "From the attackers' point of view, they might have preferred that the firm kept quiet. It is such a large ransom that it might spur a lot of companies to look more carefully at their security."
Ms Sasse said that ransomware attackers have grown much bolder in recent years.
"Two years ago, they tended to target individuals or smaller businesses believing that they would have less good security measures but they have found that they can get bigger targets and the pay-off is much larger. It is a lucrative business."
Last month, the WannaCry ransomware attacks hit 150 countries, but few victims have paid up.
Security experts had warned, at least in the case of WannaCry, that firms should not pay such ransoms or enter into negotiations with hackers, because payment may not necessarily result in hackers releasing access as promised.