[Exclusive] ‘Business-Crushing’ Ransomware… National Police Agency to Launch Dedicated Investigation Team | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

With ransomware attacks (malicious programs that encrypt files and demand money) targeting businesses on the rise, the police have decided to form a dedicated task force to focus on investigating these incidents.

The National Police Agency announced on the 15th that it will establish a separate team within the Cyber Terror Investigation Unit at headquarters in the second half of the year, dedicated to investigating cyber terror incidents involving ransomware. The agency recently completed a reorganization and is currently reviewing detailed requirements for personnel selection and team composition. In addition, the police plan to analyze indicators that can identify ransomware groups and strengthen international cooperation with Interpol (International Criminal Police Organization).

Last year, there were several hacking incidents targeting companies, including the SK Telecom USIM information leak, a ransomware attack on Seoul Guarantee Insurance, and a personal information breach at Coupang. Unlike simple hacking that leaks personal information, ransomware not only encrypts files but also demands a ransom. Recently, a new method has emerged in which attackers first compromise IT system integrators and maintenance companies, then use them as vectors to infect client companies. In response, the National Police Agency, in cooperation with related ministries, issued its first official security advisory.

The police are currently conducting an intensive crackdown on hacking crimes through October. About 140 investigators from cyber terror investigation teams at provincial police agencies across the country have been deployed. Once a dedicated pool of personnel is established at headquarters to focus on ransomware cases, it is expected that attack methods and indicators identified during investigations can be systematically analyzed.

According to the Korea Internet & Security Agency (KISA), there were 1,277 security incidents such as ransomware, DDoS, and server hacking in 2023, 1,887 incidents in 2024, and 2,383 cases last year, showing an upward trend. Among these, 89.4% occurred at small and medium-sized enterprises. By industry, the manufacturing sector accounted for the highest share of damages at 47.4%.

A police official stated, “We are strengthening our response capabilities as ransomware attacks targeting businesses have been found to be increasing,” adding, “We will step up efforts to ensure these cases can be thoroughly investigated.”

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.