Ransomware attacks targeting S.Korean companies on sharp rise

Global hacker groups' ransomware attacks against domestic companies and organizations in the first quarter of this year have been revealed to total more than 900. Ransomware attacks created using non-mainstream computer languages such as Go and Rust are on the rise, requiring special attention.

Ransomware is a combination of "ransom" and "software." It is common for attackers to demand money by encrypting data and rendering it unusable.

Computer security company SK Shieldus and private-sector organization Korea Anti-Ransomware Alliance (KARA) released a first-quarter ransomware trend report on Friday containing this information. During this period, there were a total of 933 ransomware attacks, with almost half of them (464 cases) occurring in March.

One notable point is the prevalence of ransomware attacks created with new programming languages. Ransomware created using Go or Rust can attack various operating systems such as Windows, macOS and Linux with a single code. Because there are less analysis data available for those created using non-mainstream languages than the mainstream languages such as "C" and "C++," detection probability is lower.

An industry official explained, "Non-mainstream language ransomware has the upper hand in terms of encryption speed and can quickly disable enterprise and institutional systems, which is why hackers enjoy using them."

It is also notable that there are various methods of threatening victims and stealing data. Cases have been reported of publishing videos that access leaked data on the dark web, which cannot be accessed through typical means, or creating domains similar to those of victimized companies to publicly release captured data.

The group that carried out the most active attacks is the "Clop Ransomware" group. It has exploited vulnerabilities in file transfer software and affected more than 100 companies. A KARA official advised, "Thorough management of networks, infrastructure and assets is necessary, and you should decide in advance how to respond in the event of a security breach."

Write to Hyung-Chang Choi at calling@hankyung.com