New Ransomware Targeting SMEs Spreads... Security Advisory Issued

Joint Response by the Ministry of SMEs and Startups, National Police Agency, and KISA to Prevent New Ransomware Crimes

The Ministry of SMEs and Startups, the National Police Agency, and the Korea Internet & Security Agency (KISA) announced on April 16 that special caution is needed following the recent confirmation of attacks by a new ransomware, identified as 'Midnight [Endpoint]', that targets domestic small and medium-sized enterprises (SMEs) and demands payment.


This ransomware is characterized by first attacking IT system integration and maintenance providers, and then spreading to their client companies through these service providers. Although most of the victims have been identified as small and medium-sized manufacturers, cases have also been reported in sectors such as distribution, energy, and public institutions, highlighting the need for vigilance across all industries.


The joint response to this ransomware attack comes amid a recent surge in large-scale hacking and other cybercrimes, with authorities determining that a shift from reactive measures to proactive prevention is necessary. The National Police Agency analyzed the incident and identified sectors and major risk factors with a high likelihood of damage. In order to prevent the occurrence of such crimes, the agency established a joint response system with relevant ministries. This distribution of a security advisory marks the first official case in which the National Police Agency has issued a security recommendation based on threat information obtained during an investigation, in cooperation with other ministries.

Ransomware. Pixabay


Ransomware Spreads to Clients After Attacking IT Maintenance Providers

According to the analysis by the National Police Agency and KISA, the attackers infiltrate internal systems of IT integration and maintenance providers by sending malicious emails disguised as requests for quotations, job applications, or consulting inquiries. If a victim executes an attachment, remote control malware is installed, resulting in the leakage of internal information and account credentials to external parties.


Subsequently, the attackers use the stolen information to send additional malicious emails to client companies, impersonating the compromised service provider. Through this tactic, they obtain access to the client company's internal systems and then distribute ransomware.


Notably, this ransomware does more than just encrypt files: it employs a "double extortion" attack method in which internal data is exfiltrated in advance and payment is demanded. The attackers threaten to disclose the stolen data, further increasing the negotiation burden on victim companies.


Distribution of Security Advisory to Prevent Ransomware Crimes and Minimize Damage

The National Police Agency and KISA have proactively prepared and distributed a security advisory to relevant organizations and companies, detailing attack techniques, types of malicious emails, and prevention and response strategies to address this ransomware threat.


The most effective way to respond to ransomware is to block its initial infiltration. ▲Do not open emails or attachments from unknown sources ▲Control external access such as VPNs and remote connections ▲Strengthen account management by implementing multi-factor authentication ▲Activate secure backup systems, and adhere to basic corporate security protocols. In particular, if a ransomware infection is suspected, organizations should not contact the attackers directly but must promptly report to the police and KISA.


The Ministry of SMEs and Startups plans to disseminate the security advisory more swiftly and systematically by leveraging its corporate database secured through existing support programs. In addition, it will continue to provide security education in cooperation with the National Police Agency and KISA throughout the year, utilizing various policy engagement points such as briefings, meetings, and training programs involving SMEs.


In particular, the ministry intends to strengthen customized security education for manufacturing companies undergoing digital transformation, such as smart factory adopters and smart manufacturing technology firms. Building on this effort, it will gradually enhance the overall cyber security response capabilities of SMEs by spreading successful case studies.


The National Police Agency is currently investigating attacks related to this ransomware and plans to promptly share any additional threat information with relevant organizations and companies. Going forward, it will strengthen public-private cooperation systems and continuously improve response capabilities to prepare for similar ransomware attacks.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.