South Korean web-hosting firm Nayana has agreed to pay a $1m ransom to unlock computers frozen by hackers.
It is believed to be a record amount, although it is worth noting that many ransom payments are never made public.
Nayana’s chief executive revealed that the hackers initially asked for $4.4m, payable in bitcoin.
Security experts warned that firms should not pay such ransoms or enter into negotiations with hackers.
Angela Sasse, director of the Institute in the Science of Cyber-Security, said that she was surprised both by the size of the ransom and that the firm went public about paying.
“This is a record ransom from what I know, although some will have paid and not gone public.
“It could be that it had to disclose the amount under the South Korean regulatory structure or it could have been done out of a sense of public duty,” she said.
“From the attackers’ point of view, they might have preferred that the firm kept quiet. It is such a large ransom that it might spur a lot of companies to look more carefully at their security.