The online bookstore YES24 experienced a hacking attack on the 9th of this month, causing its computer system to crash and rendering its website and app unavailable for four days. With book orders, browsing, and concert ticket reservations all suspended, approximately 20 million subscribers faced significant inconvenience, and YES24 only began recovery five days after the incident. The hacking attack on YES24 is a representative case of the 'ransomware' that has been rampant around the world recently. As ransomware attacks, which seek monetary gain by holding important information hostage, become increasingly aggressive, corporations are urged to remain vigilant.
Ransomware is a combination of 'ransom' and 'software,' and it is a type of malicious code that hacks into a personal or corporate computer or server, encrypts data, and demands payment to restore it. The purpose of a ransomware attack is 'money.' While typical hacking focuses on stealing information or showcasing skills, ransomware locks users out of their data and demands payment to unlock it. Hackers can also enhance their bargaining power by threatening to leak stolen information or confidential details. If corporations or institutions do not pay the requested amount, sensitive information is sold on the dark web.
According to the security industry on the 25th, ransomware attacks are on the rise globally, and the methods of attack are becoming more sophisticated and advanced. According to SK shieldus's ransomware report, the total number of ransomware incidents worldwide in the first quarter of this year was 2,575, marking a 122% increase compared to the same period last year (1,157 incidents). Compared to the previous quarter (1,899 incidents), this represents a 35% increase.
SK shieldus noted, 'A total of 484 ransomware incidents occurred just last month,' adding, 'Recent ransomware variants are rapidly emerging due to source code leaks, and the methods of attack are changing in unpredictable ways.'
The first ransomware attack appeared in 1989, but it began to emerge as a headache in the field of cybercrime after the introduction of Bitcoin in 2009. Previously, even when attackers demanded a ransom, it was difficult for them to avoid government tracking while transferring money or withdrawing cash. Now, however, hackers request payment in cryptocurrencies like Bitcoin, making it easier for them to conceal their identities and operate.
Bloomberg reported, 'Ransomware is attractive from the hackers' perspective due to its relatively low risks and the ease of generating revenue.' It added that 'more sophisticated malware and new technologies have fueled the spread of ransomware in recent years.'
Ransomware is the fastest-growing category of cybercrime. According to the security firm Cybersecurity Ventures, the global damage from ransomware is projected to grow from $57 billion (approximately 77 trillion won) this year to $275 billion (approximately 373 trillion won) by 2031, roughly a fivefold increase. Cybersecurity Ventures stated, 'As hackers advance their malicious code and extortion techniques, a ransomware attack occurs every 2 seconds.'
In Korea, there were at least nine ransomware attacks targeting corporations and institutions from January to April this year. In addition to YES24, a ransomware group called IntelBroker announced in January that they had stolen the Ministry of Environment's source code and were selling it on the dark web, while the home appliance manufacturer Shinsung Deltatech was attacked by another ransomware group called Rynx. Hackers primarily target the manufacturing sector, which holds a lot of valuable data such as confidential corporate documents, customer information, and contracts. Looking at just last month's ransomware attack trends, 114 incidents, or 24% of all ransomware attacks, targeted the manufacturing industry.
Concerns have recently been raised that AI-based ransomware is emerging, and its commercialization under the Ransomware as a Service (RaaS) model is expected to increase the scale of damage.
Ransomware attacks generally attempt to infiltrate users' computers or servers using phishing emails or messages, and generative AI allows malicious actors to easily and quickly produce large volumes of phishing emails while avoiding detection. The FunkSec group, which emerged at the end of last year, spread ransomware that excels in evading detection by utilizing large language models.
The evolution of ransomware into a business model called RaaS is also problematic. RaaS is a service that allows even non-experts to conduct ransomware attacks by simply paying money. The security firm Kaspersky noted, 'The RaaS platform RansomHub provides malware, technical support, and a revenue-sharing system, enabling even non-experts to carry out sophisticated ransomware attacks,' saying, 'This accelerates the emergence of new ransomware groups.'
The security industry says that corporations in Korea tend to hide the fact that they have been victimized. An industry insider stated, 'More companies are choosing to pay quietly and normalize business operations without reporting ransomware attacks,' suggesting that the actual number of attacks may be higher than what statistics show. In the case of YES24, the damage became known when Kookmin Party lawmaker Choi Soo-jin revealed it as a ransomware attack.
Experts stress that there are no effective solutions after a ransomware attack, making prevention crucial. They advise corporations to invest in security measures such as software updates and backup systems. It has been confirmed that YES24 was using outdated operating systems (OS) such as 'Windows Server 2012', for which Microsoft has ended technical support.
Yeom Heung-ryeol, an honorary professor in the Department of Information Security at Soonchunhyang University, stated, 'Even if a ransomware attack occurs, if key files are backed up in advance, it can give an advantage in negotiations when ransomware organizations demand a ransom,' and noted, 'Since ransomware organizations target money, a cartel has formed, and its scale is growing.'