$300 from each victim. These hackers extorted $1 million from one South Korean company. Hackers appear to have pulled off a $1 million heist with ransomware in South Korea. The ransomware attacked more than 153 Linux servers that South Korean web provider Nayana hosted, locking up more than 3,400 websites on June 10. In Nayana's first announcement a few days later, it said the hackers demanded 550 bitcoins to free up all the servers -- about $1.62 million. Four days later, Nayana said it'd negotiated with the attackers and got the payment reduced to 397 bitcoins, or about $1 million. This is the single largest-known payout for a ransomware attack, and it was an attack on one company. For comparison, the WannaCry ransomware attacked 200,000 computers across 150 countries, and has only pooled $127,142 in bitcoins since it surfaced. Ransomware demands have risen rapidly over the past year, tripling in price from 2015 to 2016. But even then, the highest cost of a single ransomware attack was $28,730. Nayana agreed to pay the ransomware in three installments, and said Saturday it's already paid two-thirds of the $1 million demand. "It is very frustrating and difficult, but I am really doing my best and I will do my best to make sure all servers are normalized," a Nayana administrator said, according to a Google translation of the blog post. The company is expected to make the final payment once all the servers from the first and second payouts have been restored. Trend Micro, a cybersecurity research firm, identified the ransomware as Erebus, which targets Linux servers for attacks. It first surfaced in September through web ads, and popped up again in February.
"It's worth noting that this ransomware is limited in terms of coverage, and is, in fact, heavily concentrated in South Korea," Trend Micro researchers said Monday in a blog post. Paying ransomware is at the victim's discretion, but nearly all organizations, including government agencies and security researchers, advise against it.
Atlanta mayor Keisha Bottoms said on Thursday, March 22, that hackers attacked the city’s network system and encrypted data. The details are somewhat slim for now, but hackers reportedly used the SamSam ransomware and demanded around $51,000 in Bitcoin to unlock the city’s seized computers. Atlanta is currently working with the Department of Homeland Security, the FBI, Microsoft, and Cisco cybersecurity officials to determine the scope of the damage and regain control of the data held hostage. “Our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue,” the city’s official Twitter account states. “We are confident that our team of technology professionals will be able to restore applications soon. Our city website, Atlantaga.gov, remains accessible and we will provide updates as we receive them.” As of Thursday afternoon, the city said it faced outages on various “internal and customer facing applications,” such as means for accessing court-related information and paying bills. But the city itself isn’t exactly under siege: Airport, public safety, and water operations remain unaffected by the attack, and the city payroll wasn’t touched. The only bone Atlanta is throwing the public is that the attack affects “various city systems.” According to Atlanta’s newly appointed chief operating officer, Richard Cox, Atlanta Information Management officials were made aware of problems with internal and customer-facing applications at 5:40 a.m. Thursday. At the time, he acknowledged that the city fell prey to ransomware, but given the investigation is still ongoing, he couldn’t provide the extent of the damage. “The ongoing investigation will determine whether personal information, financial, or employee data has been compromised,” he said during a press briefing.
“As a precaution, we are asking that all employees take the appropriate measures to ensure their data is not compromised. The city advises employees to monitor and protect personal information and in the coming days we will offer employees additional resources if needed.” What the city didn’t officially disclose was the ransomware note discovered in the investigation. A screenshot reveals the hackers’ demands: 0.8 Bitcoins for each seized computer, or six bitcoins to unlock all computers held hostage, equaling around $51,000 in real cash. Once Atlanta sends the Bitcoins to a digital wallet, the city is to leave a message containing the host name on a specific website. The hackers will then provide decryption software to release the computers from captivity. The SamSam malware doesn’t take the typical route of installing itself on computers when unsuspecting owners click a link within an email. Instead, hackers find unpatched vulnerabilities in network servers and manually unleash SamSam to seize key data systems and cause maximum damage to the company’s infrastructure. SamSam is one of many in a family of ransomware targeting government and healthcare organizations. It was first observed in 2015 and encrypts various file types using the Advanced Encryption Standard (aka Rijndael). It then encrypts that key with RSA 2048-bit encryption to make the files utterly unrecoverable. As of Friday morning, Atlanta’s main website and its affiliated portals remained unaffected by the ransomware attack.
LabCorp experienced a breach this past weekend, which it now says was a ransomware attack. The intrusion has also prompted concerns that patient data may have also been stolen. One of the biggest clinical lab testing companies in the world, LabCorp, was hit with a "new variant of ransomware" over the weekend. "LabCorp promptly took certain systems offline as a part of its comprehensive response to contain and remove the ransomware from its system," the company told PCMag in an email. "We are working to restore additional systems and functions over the next several days." LabCorp declined to say what variant of ransomware was used. But according to The Wall Street Journal, the company was hit with a strain known as SamSam. In March, the same strain attacked the city of Atlanta's IT network. Like other ransomware variants, SamSam will effectively lock down a computer, encrypting all the files inside, and then demand the victim pay up to free the system. In the Atlanta attack, the anonymous hackers demanded $51,000, which the city government reportedly refused to pay. How much the hackers are demanding from LabCorp isn't clear; the company declined to answer further questions about the attack or if it will pay the ransom. The lab testing provider first reported the breach on Monday, initially describing it as "suspicious activity" on the company's IT systems that relate to healthcare diagnostics. This prompted fears that patient data may have been stolen. The North Carolina-based company processes more than 2.5 million lab tests per week and has over 1,900 patient centers across the US.
"LabCorp also has connections to most of the hospitals and other clinics in the United States," Pravin Kothari, CEO of cybersecurity firm CipherCloud, said in an email. "All of this presents, at some point, perhaps an increased risk of cyber attacks propagating and moving through this expanded ecosystem." On Thursday, LabCorp issued a new statement and said the attack was a ransomware strain. At this point, the company has found "no evidence of theft or misuse of data," but it's continuing to investigate. "As part of our in-depth and ongoing investigation into this incident, LabCorp has engaged outside security experts and is working with authorities, including law enforcement," the company added.