Corporate and even hospital computing systems were paralyzed, all due to ransomware attacks. Ransomware is a type of malicious software that threatens to publish or blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker. In many cases, the ransom demand comes with a deadline. If the victim doesn’t pay in time, the data is gone forever, or the ransom increases. With IT development and the growth of the cryptocurrency market, ransomware attacks are increasing.
On May 7, 2021, Colonial Pipeline, an American oil pipeline system, suffered a ransomware cyberattack that impacted the company’s computerized equipment. Colonial Pipeline halted all operations in response and paid the requested ransom fee (75 bitcoin or $4.4 million). In 2019, global aluminum prices rose 1.2% in Norway as aluminum manufacturer Norsk Hydro was attacked by ransomware. Ransomware damage to Korean companies is also increasing. In November 2020, E-Land was threatened with a 45 billion won ransom in exchange for decryption, along with several days of suspended department store operations due to ransomware attacks. Chainalysis, a blockchain data platform company, has reported that the annual damage caused by ransomware has tripled compared to 2020.
Then what is the countermeasure against ransomware? Recently, the U.S. Department of Justice announced that they would upgrade their investigative ransomware response to a level equivalent to the September 11 attacks and send all investigation information to the Ransomware Task Force (RTF). In Korea, the Korea Internet & Security Agency (KISA) established the Internet Infringement Response Center (KISC) in May. It supports analysis and damage recovery related to ransomware and provides a free service to check PC security. However, despite the continued increase in such damage, legal action has yet to be made. Therefore, we must try to protect ourselves from ransomware attacks. According to Ahnlab, an information security company, users should prohibit the execution of URLs with unknown sources in text messages or mails. Individuals and organizations must follow basic security rules and increase threat response. Once damaged, recovery is very difficult, so we must try to prevent it in advance.
저작권자 © 영남대학교 언론출판문화원 무단전재 및 재배포 금지