Erebus ransomware hackers seize chance of victory in S. Korea

Park Sae-jin Reporter() | Posted : June 14, 2017, 16:45 | Updated : June 14, 2017, 16:45


Hackers seized a chance of victory in their fight with South Korean security experts as a local web hosting company infected with a new ransomware called "Erebus" raised a flag of surrender.

The white flag came from Nayana head Hwang Chil-hong who said in a notice posted on the company's homepage Wednesday that he was selling his company to pay ransom as the Korea Internet and Security Agency, a state security body, and others failed to regain control of the infected servers.

"I think this is my best choice," Hwang said, urging clients to wait for renegotiations with hackers who have infected 153 Linux servers with Erebus, a type of malicious software that prevents or limits users from accessing their system until they pay in Bitcoins, a digital payment system.

Since the attack was spotted last Saturday, many security experts in South Korea jumped to help Hwang, but there has been no success. The websites of some 3,400 companies and groups connected to the servers were infected with the ransomware.

The ransom amount initially requested by hackers stood at 10 Bitcoins or 32.7 million won (29,075 US dollars) each server, but Hwang said the amount has been cut down to a total of 1.8 billion won.

In his post, Hwang apologized for kowtowing to an attack from hackers, saying he had no choice but to put his company on sale so that he can pay. He said he would be able to secure 1.2 billion won including 800 million won coming from the sale of his company.

With a new offer of 1.2 billion won, he promised to try and open new negotiations by midnight Wednesday, the deadline set by hackers. "I could not find a solution despite my efforts through various channels at home and abroad."

Unlike WannaCry that attacks random targets, Erebus attacks designated targets, using a User Account Control (UAC) bypass that allows the ransomware to run at elevated privileges without displaying a UAC prompt.

WannaCry used loopholes in the files sharing system known as SMB (Server Message Block). The ransomware intrudes computers in a form of a worm virus and encrypts all files, leaving users inaccessible to them. Erebus will display a message box on the Windows desktop alerting the victim that their files are encrypted. When a victim clicks on the Recover my files button, they will be brought to Erebus' TOR payment site where they can get payment instructions.

Lim Chang-won =
© Aju Business Daily & Copyright: All materials on this site may not be reproduced, distributed, transmitted, displayed, published or broadcast without the authorization from the Aju News Corporation.
기사 이미지 확대 보기