Hackers target more Koreans through new ‘ransomware’

Korea has recently come under the attack of so-called ransomware, a type of malicious software that prevents users from accessing their computers until they pay a ransom.

Different types of ransomware in the Korean language first appeared last year, typically demanding a ransom paid in bitcoins, which are hard to trace.

Ransomware attacks were few and far between until 2014, but the number of reported cases reached 4,440 by last year, according to local cybersecurity firm Symantec Korea. The figure drastically surged at the end of last year, with more than 2,000 cases reported by the end of the fourth quarter. Until the second quarter, the number stood at around 30 cases per month.

That annual record is more than all cases reported in the United States to the Federal Bureau of Investigation.

According to the FBI, there were a total 2,453 ransomware cases reported in the United States. More than $24 million was paid out to regain data.

Ransomware is typically delivered through a phishing email or website. Hackers use it to apply an encryption that makes data stored on a victim’s computer unreadable, after which they threaten to delete the data unless a ransom is paid.

Experts said that more and more ordinary people have become targets of attack.

“Many different types of ransomware have steadily developed over the recent years,” said Patrick Youn, a senior manager at Symantec Korea. “From last year, those viruses began spreading across individual users’ email accounts from portal websites.”

Until now, hospitals, schools and other public institutions were most commonly attacked because they contain treasure troves of invaluable personal data.

Detected ransomware now includes the Korean-only cryptXXX ransomware, which was first reported last week.

Korean versions of CryptoLocker and Radamant are among the most common variants found last year.

In some of the nastier cases, hackers have used ransomware to access explicit photos of victims stored on their computers and threatened to publish them unless they pay up.

Youn said that the hackers typically demand between 200,000 won ($170) and 500,000 won.

“The malware found in Korea usually asks victims pay at least 200,000 won in return for gaining access to their data,” Youn said. “But in most cases, the payment is around 500,000 won.”

There is no specific security program that can completely protect users against the risk of malware.

Local cybersecurity firms such as AhnLab developed security programs to combat malware, but they’re only able to protect against certain types.

Security experts said that the best solution for the ransomware problem is for people to regularly back up their data on external drives.

BY PARK EUN-JEE [park.eunjee@joongang.co.kr]