Many elements of society have changed as a result of the COVID-19 pandemic. To avoid COVID-19, which is communicated through droplets, most services were forced to become untact, and digital conversion was completed rapidly. Security flaws began to emerge in the act of working on a PC and communicating via messenger or e-mail. ‘Ransomware’ is gaining popularity.
Ransomware is a hybrid of ransom and malware, which is malicious programming that encrypts any data or networks on a computer and demands money in return for recovering them to their original condition.Because most business data is digital and kept on PCs, if data such as company secrets are linked to a ransomware assault, the entire company system may be immobilised, which may be deadly. Furthermore, because criminal organisations are international companies, tracing them through virtual assets such as bitcoin and other cryptocurrencies, as well as the dark web, where users and servers cannot be recognised, presents technological and procedural challenges.
Furthermore, with the activation of ‘Ransomware as a Service,’ which instals malicious code in the guise of a service if you pay a charge without programming skills, it is getting more difficult to respond in areas such as labour division, organisation, and crime intelligence day by day. With the recent breakout of a large incident in the United States amid the height of the COVID-19 crisis, global awareness of ransomware is growing.
Public safety is threatened by Ransomware
Colonial Pipeline, the largest oil pipeline corporation in the United States, was targeted by ransomware in May by a group of hackers known as ‘DarkSide.’ The Colonial Pipeline pipeline transports 2.5 million barrels of oil per day, which accounts for 45 percent of the supply in the eastern United States. The attack immobilised the Colonial Pipeline system, forcing the oil pipeline to be shut down for six days. Finally, the firm had no choice but to pay the hacking group $4.4 million (about 5.2 billion won) in bitcoin.
In the same month, the US division of Brazil’s JBS SA, a multinational meat processing firm, was targeted by a ransomware assault perpetrated by a group of hackers known as ‘REvil.’ JBS, which supplies 20% of the country’s beef, was forced to close its plants in the United States, Australia, and Canada for three days as a result of the attack, and was forced to pay $11 million in bitcoins. On June 2nd, the Massachusetts Steamship Administration was also infected with ransomware. Fortunately, the navigation system (GPS) or radar were not impacted, thus the ship and people on board were safe; nevertheless, if there was a malfunction, significant human damage might occur.
As a result, ransomware is exploited by criminals for financial gain; nevertheless, the harm is not just financial; it also impacts the safety of individuals or infrastructure, posing a threat to national security. Furthermore, the greater the severity of the harm, the more audacious and huge the criminals may demand, the more they tend to be. In May, SL, a parts manufacturing firm in Korea, was hit by ransomware, and employee personal information as well as data connected to international business were exposed to the dark web. There was also a situation when 35,000 businesses countrywide were denied access to the service after Super Hero, a domestic delivery service platform firm, was attacked, leading 15,000 riders to be injured.
According to IBM Security, worldwide business hacking damage hit an all-time high of $4.24 million (about 5 billion won) per incident from May 2020 to March 2021. Furthermore, the Korea Ransomware Violation Response Center forecasts that domestic damage would exceed 2.5 trillion won this year. As ransomware grows more valuable, multiple assault organisations create cartels or gangs to collaborate. The worldwide community is responding by creating the Ransomware Task Force (RTF), which includes law enforcement agencies from the United States, the United Kingdom, and Europe, as well as information technology (IT) security firms such as Amazon and Cisco.
The Korean government’s reaction to ransomware
The Korean government also launched the ‘Ransomware Response Reinforcement Plan’ on August 5, with the goal of establishing a management system for important national infrastructures and strengthening the security of small and medium-sized companies (SMEs). The main components of the ransomware response reinforcement plan are the establishment of a strong national important facility management system, the reinforcement of support for the security capabilities of small and medium-sized enterprises (SMEs), and the improvement of the nation’s immunity to ransomware.
To begin, the government will install the process control system of oil refiners in major information and communication infrastructure (infrastructure) that is required to establish and implement information protection measures by 2022 in order to prevent damage to society as a whole due to an accident in large infrastructure as well as the identification of infrastructure growth, such as the addition of an autonomous driving control system, and so on.Furthermore, the establishment of a backup system for infrastructure protection measures, a recovery plan in the event of a crisis, the inclusion of a business continuity plan (BCP), and on-site inspection of security equipment installed and operating at the external contact point of the information system in the public sector where network separation is difficult, and the DMZ section are required. In addition, emergency inspections and simulation training expansion will be implemented.
Furthermore, via the amendment of the Information and Communication Infrastructure Protection Act, on-site inspections and early evidence linked to the most recent security concerns, such as ransomware, are to be encouraged.
The government also concentrated on improving assistance for SMEs’ security skills. Small and medium-sized businesses (SMEs) are not only vulnerable to ransomware, but they are also difficult to respond to, making them prime targets for thieves.To strengthen the prevention of data loss for small and medium-sized enterprises (SMEs), the government decided to build a ‘data safe’ that supports cloud-based backup, as well as to support ‘three types of ransomware response packages,’ including mail security software (SW), vaccine, and detection/blocking software.