New ransomware attacks targeting small and medium-sized Korean companies are spreading


Attackers first infiltrate IT outsourcing companies, then send impersonation emails to gain access to their customers
Systems paralyzed after internal data is stolen
Demands of "1 percent of sales" as the cost of restoring systems

Examples of ransomware distribution emails posing as a distribution of security guidelines. [Police Agency]

New ransomware attacks targeting small and medium-sized Korean companies are spreading. Hacking organizations first infiltrate companies that handle IT-related tasks on behalf of various other companies, and then use them as a stepping stone to attack the customers of those IT companies. In the past, ransomware encrypted files and paralyzed systems to extract payment, but now it is holding confidential data hostage.

On the 16th, the National Police Agency said that infection attacks using new ransomware, a type of malicious program, targeting small and medium-sized Korean companies have recently occurred.

According to the police, the attacker has been distributing two types of ransomware, including "Midnight" and "Endpoint," since late last year. The two ransomware strains spread by infiltrating the internal systems of IT system construction and maintenance companies and infecting customers through them. Using information taken from the IT companies, the attackers send impersonation emails to customers and then secure access to the customers' internal systems.

Many of the affected organizations have been identified as small and medium-sized manufacturers, but damage has also been confirmed in the fields of distribution, energy, and public institutions. In other words, attention is needed regardless of industry.

The ransomware operators are carrying out "double extortion" attacks, demanding more money by extracting internal data from affected companies in advance and using it as leverage. The attacker is using a strategy to increase the negotiating pressure on the affected companies, saying, "We will leak the data to the outside and disclose it." The attackers demand that companies hit by the ransomware deposit virtual assets in exchange for decryption to return their systems to normal, and the amount demanded amounts to 1% of the affected company's sales.

The National Police Agency, the Ministry of SMEs and Startups, and the Korea Internet & Security Agency released threat information related to the ransomware and distributed security recommendations to related agencies and companies. The recommendations included basic rules such as △ not opening emails and attachments from unclear sources △ controlling external access such as virtual private network (VPN) and remote access △ strengthening account management by applying multi-factor authentication △ enabling a secure backup system.

The National Police Agency is investigating the new ransomware attacks. This distribution of security recommendations is the first case in which the police have issued an official recommendation based on threat information secured during an investigation. The police plan to quickly share related information with related agencies and companies as soon as additional threat information is identified.
