$ 300 from each victim . These hackers extortedAttack.Ransom$ 1 million from one South Korean company . Hackers appear to have pulled offAttack.Ransoma $ 1 million heist with ransomware in South Korea . The ransomware attackedAttack.Ransommore than 153 Linux servers that South Korean web provider Nayana hosted , locking up more than 3,400 websites on June 10 . In Nayana 's first announcement a few days later , it said the hackers demandedAttack.Ransom550 bitcoins to free up all the servers -- about $ 1.62 million . Four days later , Nayana said it 'd negotiated with the attackers and got the payment reducedAttack.Ransomto 397 bitcoins , or about $ 1 million . This is the single largest-known payout for a ransomware attackAttack.Ransom, and it was an attackAttack.Ransomon one company . For comparison , the WannaCry ransomware attackedAttack.Ransom200,000 computers across 150 countries , and has only pooled $ 127,142 in bitcoins since it surfaced . Ransomware demandsAttack.Ransomhave risen rapidly over the past year , tripling in price from 2015 to 2016 . But even then , the highest cost of a single ransomware attackAttack.Ransomwas $ 28,730 . Nayana agreed to payAttack.Ransomthe ransomware in three installments , and said Saturday it 's already paidAttack.Ransomtwo-thirds of the $ 1 million demandAttack.Ransom. `` It is very frustrating and difficult , but I am really doing my best and I will do my best to make sure all servers are normalized , '' a Nayana administrator said , according to a Google translation of the blog post . The company is expected to make the final paymentAttack.Ransomonce all the servers from the first and second payoutsAttack.Ransomhave been restored . Trend Micro , a cybersecurity research firm , identified the ransomware as Erebus , which targets Linux servers for attacks . It first surfaced in September through web ads , and popped up again in February . `` It 's worth noting that this ransomware is limited in terms of coverage , and is , in fact , heavily concentrated in South Korea , '' Trend Micro researchers said Monday in a blog post . Paying ransomwareAttack.Ransomis at the victim 's discretion , but nearly all organizations , including government agencies and security researchers , advise against it .
Ransomware has largely been an opportunistic , rather than a targeted , form of cybercrime with the goal of infecting as many users as possible . That model has worked so effectively that extortion is now ubiquitous when it comes to cybercrime — so much so that even fake attacks are proving to be successful . As I wrote earlier this month , the surge of extortion attacksAttack.Ransomimpacting organizations has led to a number of fake extortion threats , including empty ransomware demandsAttack.Ransomwhere actors contact organizations , lie about the organization ’ s data being encrypted , and ask for moneyAttack.Ransomto remove the non-existent threat . Cybercriminals like to follow the path of least resistance , and an attack doesn ’ t get much easier than simply pretending to have done something malicious . However , attacksAttack.Ransomover the past year have proven that infecting organizations with ransomware can result in much higher payoutsAttack.Ransom. The more disruptive the attack , the more money some organizations are willing to pay to make the problem go away . As a result , ransomware actors are shifting their targets towards more disruptive attacks , which we examine in our latest report , Ransomware Actors Shift Gears : New Wave of Ransomware AttacksAttack.RansomAims to Lock Business Services , Not Just Data . It was just 13 months ago that Hollywood Presbyterian Medical Center made national attention by payingAttack.Ransom$ 17,000 to decrypt its files after a ransomware attackAttack.Ransom. The incident was novel at the time , but those types of stories have since become commonplace . Organizations need to take action to protect themselves against ransomware actors that are trying to find more effective ways to disrupt business operations and demand even higher ransom payoutsAttack.Ransom.