Ransomware attack spreading in Korea
Government issues nationwide caution against WannaCry
The worldwide spread of “WannaCryptor” ransomware is raising a warning flag on cybersecurity in Korea even though it has not yet inflicted heavy damage here.
The Korea Internet & Security Agency (KISA) said Monday it has received nine official reports of the attack. CJ CGV, whose ad servers were affected by the malware, has not registered a report. No public organization has reported any damage yet.
The ransomware, which is also known as “WannaCry,” has been attacking servers of enterprises and public organizations worldwide, especially in Europe, since last Friday. According to Europol, it has affected about 200,000 computers in more than 150 countries.
The ransomware encrypts a victim’s data and demands cyber payments ranging from $300 to $20,000. The attackers threaten to delete the encrypted files if they don’t receive the ransom in seven days.
Consequently, concerns have escalated that servers of many Korean companies and government agencies could be exposed to the attack when they start business this week.
On Sunday, the Ministry of Science, ICT and Future Planning released a caution on the national cyber threat level. KISA also introduced a dedicated information website to the public. But this website crashed as of 9 a.m. Monday amid heavy traffic. The agency said it has received over 2,900 calls about the ransomware.
Cheong Wa Dae also called for nationwide caution on the issue.
“The damage inflicted by the ransomware, which abuses loopholes in Microsoft’s Windows operating system, is spreading worldwide,” the presidential office said in a statement, Monday. “We need thorough contingency plans to prevent damage.”
Cheong Wa Dae’s chief press secretary Yoon Young-chan said, “The National Security Office is taking actions to prevent the spread of damage.” He also advised people to turn their computers on and off while disconnected from the internet, deactivate server message block protocols and update antivirus programs.
Besides the government and public agencies, cybersecurity service providers and experts in the private sector said people should stay alert because there can be more diverse forms of ransomware attacks.
AhnLab, provider of the antivirus program V3 series, advised its users to turn on real-time monitoring and install updates. It also said Windows users should keep the operating system’s security features up to date.
“Korea is expected to have less damage compared to other countries thanks to quick responses from public agencies and security companies,” an AhnLab official said. “But there can still be more new types of cyberattacks.”
ESTsecurity, which provides the antivirus program Alyac series, said its program detected more than 3,000 ransomware attacks on Sunday.