[Square] Ransomware Pandemic 'Randemic Era', Now a Security Threat

The current cyberspace can be aptly described as experiencing a "randemic" (ransomware + pandemic), with a global ransomware threat pandemic ongoing for several years.

In 2017, a major incident occurred where 153 out of approximately 300 Linux web servers operated by the domestic web hosting specialist company "Internet Nayana" were infected with the so-called "Erebus" ransomware. The hackers threatened by holding encrypted data hostage, and the company agreed to pay the hackers about 1.3 billion KRW worth of Bitcoin as negotiation and decryption fees to recover customer data. This news sparked much controversy within and outside the industry regarding the response approach.

The author pointed out at the time that this set a bad precedent for ransomware response. It proved to hackers worldwide the possibility of a high-profit ransomware market where encrypting data of major companies and threatening them could yield large sums of money in Bitcoin, increasing the likelihood of similar attacks recurring in the future.

Four years later, ransomware threats have steadily evolved, expanding beyond disrupting business activities and causing massive financial damage to threatening national cybersecurity. However, threat actors still freely roam across the globe. Additionally, in government-level cyber espionage and sabotage cases, there are ransomware infection disguises aimed at hiding infiltration evidence separate from monetary gain, indicating that cyber weapon strategies among major powers will undoubtedly become increasingly competitive.

Therefore, the international community must unite to classify serious cyber threats as strong criminal acts akin to terrorism and promote close solidarity and cooperation among judicial authorities of each country to actively strengthen punishments and arrest activities against cyber threat actors.

Various threats occurring in cyberspace are sometimes managed by independent threat actors, but large-scale organized threat activities are mainly caused by government-level support or neglect and the guarantee of internet anonymity. To suppress and prevent cybercrime activities, it is crucial for nations to show active interest and take firm and consistent policy stances on cyber threat prevention.

Just like the Nuclear Non-Proliferation Treaty (NPT), it is now time for close discussions among heads of state and international mutual agreements to prevent the spread of cyber threats. Efforts are needed to establish norms and systems addressing major cyber threat issues to reduce and eliminate increasingly serious inter-state cyber threats. This is one of the prerequisite tasks that can track down and arrest cyber threat actors to hold them legally accountable and lay the groundwork for preventing future recurrences.

Just as the COVID-19 pandemic continues to threaten people's lives, various cyber threats including ransomware are constantly targeting our information. It is time to closely monitor the security situation in cyberspace, resembling a war zone without gunfire, and invest more attention and resources in preventing damage.

Moon Jonghyun, Director, ESRC (Security Response Center), ESTsecurity

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.