South Korean police help take down cyber threat in Ukraine

Felix Kim

Police from South Korea took the cyber fight to the source in mid-June 2021 when they joined Ukrainian and United States officials in raiding the headquarters and outposts of a group of alleged cyber criminals responsible for large-scale ransomware attacks worldwide.

The group targeted in the Ukraine raid was suspected of launching “Clop” ransomware attacks on four South Korean companies in 2019, along with attacks on several organizations in the U.S. The Clop attacks were among the more notorious ransomware strikes in South Korea during a period in which they rose from 22 in 2018 to 39 in 2019 and 127 in 2020, according to the South Korean Ministry of Science and Information and Communications Technology (MSIT).

Clop attacks crippled E-Land, South Korea’s largest e-commerce firm, for days in November 2019, according to ZDNet, a technology news website. South Korean police responded to the attacks by teaming with police from the U.S. and Ukraine to investigate and raid the suspected perpetrators’ compounds in Ukraine.

The Ukrainian National Police said the raids resulted in the arrests of six people who are believed to have caused U.S. $500 million in damage through ransomware attacks.

Ransomware attacks are becoming more prevalent in South Korea, which recorded 78 such attacks in the first half of 2021, the MSIT reported. Super Hero, a 15,000-employee food delivery company, was attacked in May, immobilizing its operations for hours, reported Yonhap, South Korea’s government-affiliated news agency.

“Ransomware activity continues to increase amid the rise of cyber threats due to COVID-19, and moreover, the recent cryptocurrency craze is expected to continue to intensify the threat of ransomware,” Min Ji Choi, a member of the malicious code analysis team at South Korea’s KAIST Cyber Security Research Center, wrote in a May 2021 report.

The rise in e-commerce and remote work has created openings for ransomware attackers, Choi said. Attackers use ransomware to encrypt critical data and then demand ransom payments from victims in exchange for releasing the data. They often operate anonymously by demanding payments in cryptocurrency.

In addition to the police raids in Ukraine, such as the one pictured, the South Korean government is responding in multiple ways. In May 2021, the MSIT conducted a two-week cybersecurity exercise on 230 businesses, up from 83 companies participating in 2020, Yonhap reported. The exercise detected 114 security flaws in the websites of 30 companies. The MSIT scheduled more exercises aimed at countering ransomware attacks for October 2021.

The South Korean government also announced in February 2021 a U.S. $500 million investment to boost the country’s cybersecurity. A cybersecurity alliance of major firms will collect and share risk information and strengthen cyber incident response for popular websites by identifying threats in advance.

Felix Kim is a FORUM contributor reporting from Seoul, South Korea.

IMAGE CREDIT: UKRAINIAN NATIONAL POLICE