The ongoing COVID-19 pandemic has contributed to more digital transactions and increased online activity for both licit and illicit purposes, including the distribution of ransomware. Thanks to bad actors ranging from North Korean hackers to domestic cybercriminals, South Korea has a long history of exposure to this specific form of malware, which denies access to a computer system and/or digitalized files until a certain sum of money is paid, often through cryptocurrencies like Bitcoin. As phishing schemes and ransomware attacks are likely to target provisional funds from the recently endorsed $30 billion pandemic-related relief budget, Seoul has committed to investing resources in both domestic and international efforts against cyber-enabled financial crime.
Ransomware functions as an inexpensive tool to disrupt both major and minor network systems with potentially high financial gain, making it a significant cybersecurity threat for both the South Korean economy and the average citizen. The South Korean Ministry of Science and ICT has demonstrated particular interest in addressing this form of cyber-enabled financial crime in recent months. For example, the ministry organized two-week cybersecurity exercises for 230 Korean companies in May amid reporting that South Korea suffered 127 ransomware attacks last year, more than double the number of cases reported in 2018 and 2019 combined. Beyond informing these companies of the potential risks of ransomware, these exercises led to the detection of 114 security vulnerabilities, which could have resulted in exploitation via ransomware.
Seoul has also taken legal action against ransomware distributors and operators. South Korean authorities recently filed charges against nine employees of a Korean computer repair company that allegedly created and installed ransomware on their customers’ computers, netting more than $321,000 in ransomware payments from 40 companies throughout 2020 and 2021. The ministry raised the national cyber threat warning last month due to concerns about increased cyberattacks during the ongoing pandemic, indicating a continued government effort to crack down on cybercrime.
The international community has also adopted new protocols to address the distribution and use of ransomware. Earlier this week, the United States Office of Foreign Assets Control (OFAC) issued the first-ever U.S. sanctions against a Russia-based cryptocurrency exchange for facilitating transactions related to ransomware. As a result, U.S. persons and entities are subject to fines and criminal procedures for conducting any business with the exchange, which has expanded the breadth of U.S. cyber-related sanctions.
While Seoul does not possess the same economic toolkit as Washington, South Korea has demonstrated its ability to contribute to global efforts combating the distribution of ransomware through its National Police Agency (NPA). For example, the NPA collaborated with Ukrainian police and the U.S. government to arrest several members of the Clop ransomware cartel in June 2021. This organization extorted personal data and funds from companies across the globe, including South Korean retail giant E-Land Group, which had to close nearly half its stores due to the ransomware attacks.
South Korea also contributes to shaping regulatory norms for cryptocurrency and financial technology, as Seoul has already taken strides to regulate cryptocurrency exchanges and digital wallet operators. The May 2021 Biden-Moon summit also provided a framework on which Seoul and Washington can build to expand their joint cyber efforts, as they pledged to establish a cyber working group focused on enhanced cooperation among law enforcement and homeland security agencies to combat ransomware attacks.
As the proliferation of ransomware and its financing through cryptocurrencies will likely increase among crime groups, South Korea and like-minded countries should continue to invest in joint cyber operations and criminal investigations to expand their jurisdictional reach and enforcement capabilities.