A recent report by Advisen Ltd noted that on June 10, 2017, ransomware called “Erebus” infected thousands of South Korean websites connected to Linux servers run by a local web hosting company, Nayana.

The South Korean web hosting company said in a notice posted on its homepage that 153 of its Linux servers were found to have been infected. 3,400 sites of companies and groups were victims to this malicious software that prevents users from accessing their systems until they pay a ransom in Bitcoin.

The web hosting provider agreed to pay $1 million in bitcoin to hackers for the decryption key, which, as of July 6, worked but only imperfectly. This complicated and extended data recovery efforts. The ransom amount initially requested stood at 10 Bitcoin or 32.7 million won (29,075 US dollars) for each server. The hackers then demanded 550 Bitcoin (over $1.6 million) to decrypt the infected files.

Following negotiations, the amount was lowered and the ransom paid was 397.6 Bitcoin (around US$1.01 million).