One Button Costs $270,000, One More Day is $13,000... The Endgame of Corporate Secrets Once Sold [Cover-Up ⑨]

"Will Sell Stolen Company Data": Additional Ransom Demanded
"Company Will Collapse If Data Leaks": Firms Pay Hackers
"Afraid of Further Blackmail": Requesting Reinvestigation
Hackers Study Law to Boost Deal Success
Targeting Victim Companies' Legal Achilles' Heel

▲Screen of the 'Medusa Blog' site operated by hackers on the dark web. A timer indicating the hacker and the remaining negotiation time runs above the logo of a domestic mid-sized company. (Photo: dark web screen capture)

'8 days 23 hours 48 minutes 56 seconds remaining'

On the main page of a site called 'Medusa Blog' on the dark web, a timer was counting down above the logo of a domestic mid-sized company that manufactures automotive parts. Along with a brief company introduction, there was a warning stating that the hackers possessed information such as business partners, major clients, accounting data, and the organizational chart. When the company name was clicked, a window labeled 'Proof Pack' expanded below, displaying sensitive sample documents such as contract details. This post was uploaded by the hacker on the dark web to prove to the victim company that "we have your company’s information."


The 'Delete All Files' button was labeled $200,000 (about 270 million KRW), and the 'Download Data Immediately' button was also labeled $200,000 (about 270 million KRW). This means that the victim company could pay the hacker to have the data deleted before anyone else sees it, or someone in need of the data could purchase it immediately. If the leaked data includes contract details with a finished vehicle manufacturer, it could have repercussions across the entire industry. The hacker even created a $10,000 (about 13 million KRW) 'Buy One More Day' button for cases where the victim wants to extend the negotiation period. If the payment is not made within the set time, the hacker tags the company as 'Negotiation Failed' and fully leaks the internal information of the company.



Secondary Threats: From Data Encryption to Information Leaks

On May 14, Asia Economy accessed the dark web where hackers operate, with the help of cybersecurity company S2W. The dark web is an area of the internet that cannot be accessed through standard Internet Protocol (IP) addresses. It can only be entered via specific browsers or routes. It is a hotbed of criminal activity where stolen data is traded. The security industry estimates that there are about five million hacker-created sites on the dark web.


Seo Hyunmin, Director of S2W Business Center, said, "Recently, ransomware groups are more often referred to as 'data extortion groups.' They have evolved from simply encrypting data and holding it hostage to stealing the 'information that companies most want to hide' and using it as a negotiation tool."


▲The dark web market where corporate information is being sold. This site also contains data from Korean companies. Once the negotiation deadline passes, a "TIME UP" sign appears and all information is leaked. (Photo: dark web screen capture)


Last month, a robotics manufacturer that suffered a hacking attack also had its technical information leaked on the dark web. The hacker initially demanded a ransom and then threatened to upload the technical data to the dark web as a second phase. The company had hired a negotiation team and was waiting for a settlement, when the hacker suddenly sent an email demanding an additional 100 million KRW to prevent the data leak. The company’s CEO said, "When the negotiation team accessed the dark web and confirmed that our company’s data was posted, I broke out in a cold sweat. What if the technology ends up in a country like China? I had to prevent the worst-case scenario, so I paid the money."


He still cannot let his guard down. Recently, he visited a major security company and requested a reinvestigation. "The hacker only mentioned material A, but I wondered if they might also have more sensitive material B. I asked if they could check whether it had been leaked," he said. "I heard that hackers keep the most critical information hidden until the end, so I still feel anxious."


Hackers Study Law to Find Weaknesses

The extortion tactics of ransomware groups utilizing the dark web are becoming increasingly sophisticated. Director Seo said, "In the past, hackers threatened to sell the information to competitors, but nowadays they say, 'We will lower the ransom below the government’s penalty for a data breach, so pay up.'" This method is used when hackers extract personal information such as names, contact details, addresses, birthdates, customer IDs, and purchase histories from the victim company’s servers. In Korea, companies that cause personal data breaches can be fined up to 3% of their total revenue under the Personal Information Protection Act.


If hackers find such vulnerabilities, they post notices on dark web sites stating, "Your company’s stored personal information will be leaked. The penalty alone could reach billions of KRW. Contact us if you wish to negotiate." For hackers, this is a strategy to increase the success rate of their deals. For victim companies, the fear of being branded as lawbreakers, losing money, and facing lawsuits leaves them with little choice but to negotiate. Director Seo said, "These days, hackers analyze each country’s personal information protection laws and penalty systems, and then relentlessly exploit the victim company’s legal Achilles’ heel."


Editor's Note: In the real world, when a hostage crisis occurs, someone always reports it. Whether the victim does it themselves or someone nearby does it on their behalf, quickly notifying the police is the top priority. However, in cyber hostage situations caused by ransomware, the opposite is true. Even after losing all their money and time to hackers, victim companies are busy hiding what happened. Lee Hyungtaek, head of the Korea Ransomware Incident Response Center, who has responded to more than 20,000 ransomware attacks over the past decade, said, "Just like SK Telecom, it is extremely rare for companies to report when they are hacked. Even after suffering damages, nine out of ten companies never disclose the incident externally," adding, "The cycle of hackers taking the money and leaving keeps repeating."


© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
