The Korean government has launched a joint inter-agency response as new ransomware attacks targeting domestic small and medium-sized enterprises show signs of spreading. This marks the first time police have officially distributed a security advisory based on threat intelligence obtained during an investigation.
The National Police Agency announced on the 15th that, in collaboration with the Ministry of SMEs and Startups and the Korea Internet & Security Agency (KISA), it has released threat intelligence and urged businesses to exercise heightened vigilance after confirming domestic infections of new ransomware strains including “Midnight” and “Endpoint.”
The ransomware is characterized by supply chain attack methods that first hack IT system development and maintenance companies, then spread to their client firms. While actual damage has primarily occurred among small and medium-sized manufacturers, concerns have been raised about potential spread to distribution, energy, and public institutions, requiring vigilance across all industries.
Attack methods are also becoming more sophisticated. According to analysis by police and KISA, attackers send malicious emails disguised as quote inquiries, job applications, or consulting requests to infiltrate internal systems, then install remote-control malware to steal account credentials and internal data. They then use the stolen information to send further emails to the compromised company's clients while impersonating that company, attempting to infiltrate those clients as well.
Notably, these attacks have been identified as double extortion schemes that go beyond simple file encryption, exfiltrating data beforehand and then demanding payment. The structure increases pressure on victim companies to negotiate by using the threat of data disclosure as leverage.
Police determined that proactive prevention, rather than just reactive response, is necessary amid the recent surge in cybercrimes involving network intrusions, and established a joint response system with related ministries including the Ministry of SMEs and Startups. Based on threat intelligence confirmed during investigations, they identified high-risk sectors and prepared the security advisory.
The advisory contains information on malicious email types, attack techniques, and prevention and response measures, and has been distributed to related agencies, businesses, and member companies of KISA’s Cyber Threat Analysis System (C-TAS).
The government emphasized that adherence to basic security protocols by businesses is paramount. Key recommended countermeasures include refraining from opening emails and attachments from unknown sources, implementing external access controls such as virtual private networks (VPNs) and multi-factor authentication, and establishing data backup systems. In cases of suspected ransomware infection, businesses should immediately report to police or KISA without contacting the attackers.
The Ministry of SMEs and Startups plans to rapidly disseminate the security advisory using business data secured through its smart factory distribution program and R&D support programs, and will strengthen customized security training through briefings and educational programs.
“We are investigating attacks related to ransomware and plan to quickly share additional threat intelligence with related agencies and businesses,” a National Police Agency official said. “We will continue to enhance our response capabilities by expanding proactive security advisory distribution for high-risk sectors and strengthening public-private cooperation frameworks.”
