A Korean web hosting firm’s recent decision to pay a huge ransom to a group of cybercriminals sets a bad precedent, possibly opening the door for more criminals to target Korea for easy money, security experts said.

On Wednesday, local web hosting firm Nayana said it had decided to pay money to a hacker group that has paralyzed its 150 servers -- which also affected its 3,400 client websites -- since Saturday. 

“We completed the negotiations with the hacker and we are now preparing the money to buy bitcoins and restore the encoded servers,” the web hosting company’s CEO Hwang Chil-hong said on the firm’s website.

Nayana plans to pay around $1.1 million in bitcoins to the hackers in return for the restoration of its servers damaged by ransomware, a malicious code that penetrates computers and encrypts files.

The local firm said paying the money was necessary to save its 3,400 client websites, which are mostly small companies and startups.

“We know it is illegal (to pay the money) but we had no other choice. Otherwise, hundreds of thousands of people (from the client firms) will face damage,” the CEO of Nayana said in an interview with a local media outlet.

However, security experts said paying off such criminals would create a vicious circle, as it could result in more hackers targeting Korea for easy money.

“It is sad to see the damage faced by the hosting firm. But, from another perspective, the decision also left a bad precedent for other local hosting firms vulnerable to security (breaches),” said Shin Dae-kyu, head of the Korea Internet & Security Agency’s internet incidents response division.

The firm’s $1.1 million ransom is more than 1,000 times higher than the average of $1,077 that victims paid to cyber criminals last year.

Experts also said there was still no guarantee that they would restore the data even after receiving the money.

“The negotiation was the worst because even if criminals do not restore the data, there is nothing the hosting company can do,” said professor Lim Jong-in of Korea University’s department of cyber defense.

“The government should not view the incident as an individual company’s issue but should make all efforts to find the criminals and to prevent further attacks.”

On Thursday, the state-run KISA said it would begin research on restoring encoded data in order to reduce further ransomware damages. The agency also plans to join the No More Ransom Project led by the European Cybercrime Center.

“We will push for technology research and information sharing with related industries to dispel public fears over ransomware,” said KISA head Baik Kee-seung. 

By Shin Ji-hye (shinjh@heraldcorp.com)