SK shieldus recently noted that ransomware attacks are spreading, primarily targeting medical and educational institutions.
According to the KARA ransomware trend report published by SK shieldus on this day, the total number of ransomware incidents worldwide in the first quarter was 2,575, reflecting a 122% increase compared to the same period last year (1,157 cases) and a 35% increase compared to the previous quarter (1,899 cases).
Ransomware is a cyber attack method that encrypts files on computers or servers and demands payment for recovery. Recently, YES24 experienced a paralysis incident due to a ransomware attack, drawing attention here in Korea.
The report explained, "Recently, major ransomware groups that had ceased operations have re-emerged, and the method of extorting not only through encryption but also leaking stolen data or posting it on the dark web has become commonplace, leading to increased damage."
Attacks targeting hospitals and schools have been particularly prominent. The medical sector's damage has increased by 86% compared to the same period last year, while the education sector has seen over a 160% surge. In the past, public institutions such as hospitals and schools were often excluded from attack targets or would receive decryption keys without separate negotiations, but recently, cases have increased where these institutions are also demanded to pay high amounts of money without exception.
A representative case involved over 220,000 patient records being leaked from a hospital in Kansas, and a medical welfare institution in the UK was demanded $2 million (about 280 million won) after leaking sensitive information totaling about 2.3 terabytes (TB).
The report stated that the major ransomware group with the highest activity frequency in the first quarter of this year was Clop, which carried out a total of 341 attacks by exploiting vulnerabilities in the U.S. file transfer platform Cleo. Following that, RansomHub recorded 232 incidents, Akira 220 incidents, and the Babuk-Bjorka group recorded 179 attacks.
By country, the United States accounted for more than half (50.4%) of total damages, followed by Canada and the United Kingdom. By institutional sector, the manufacturing sector (25%) suffered the most, while various fields, including distribution, trade, transportation, services, and IT, web, and communications, were also targeted.
Kim Byeong-mu, vice president of the cybersecurity division at SK shieldus, said, "Globally, including the United States, ransomware attacks are spreading to public facilities like hospitals and schools, indicating that cyber threats are no longer limited to specific industries but are spreading across society as a whole," and noted, "Our country must manage security risks closely related to citizens' lives, such as in healthcare, education, and public services, in advance and must be prepared to respond effectively."