Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Analysis » Why Is South Korea Such A Target For Ransomware?

Why Is South Korea Such A Target For Ransomware?

by
Ransomware Targets South Koreans

Share this article

Ransomware attacks demanding cryptocurrency payments have been on the rise, striking police stations, hospitals, and (most recently) the city of Atlanta, Georgia. But no locale is suffering as much, say researchers, as South Korea.

Now a research team led by NYU Tandon School of Engineering cybersecurity expert named Damon McCoy believes that they have a new possible avenue for law enforcement professionals to follow when attempting to determine what happens to cryptocurrencies that are used to pay the demands made by ransomware creators.

Although the public nature of the Bitcoin blockchain has been called a design flaw by individuals like Edward Snowden, the researchers were able to track ransom payments made using Bitcoin by accessing transaction information on the public blockchain over a two-year period.

According to the research team, South Korea is a favorite target for ransomware attackers. $2.5 million of the $16 million in confirmed ransom payments were made by South Koreans who suffered an attack. The researchers have called for additional research to determine what makes South Korea especially vulnerable to ransomware attacks and how South Koreans can better protect themselves.

Could It Be North Korea?

The exceptional targeting of South Korea in ransomware attacks has led to speculation that North Korea is involved. Hacking groups in North Korea have already been implicated in major hacks of exchanges and theft of millions of dollars’ worth of cryptocurrency, which has been allegedly diverted to the country’s nuclear program (despite scant hard evidence).

North Korea is known to have engaged in cyberattacks against its enemies, including the major WannaCry attack last year; so it may not be surprising if ransomware attacks against businesses and civilians in South Korea are sponsored by hackers or agencies within North Korea.

In addition, ransomware attackers typically unloaded the tracked cryptocurrencies on a Russian exchange called BTC-E. (BTC-E has since been seized by FBI authorities.) Russia’s ties to North Korea are closer than many in the western world are comfortable with, and the choice of a Russian exchange may also point to cyberattacks emanating from the peninsula.

Researchers Become Victims of Their Own Research Topic

The researchers also ran ransomware binaries in a controlled environment to study its nature, but eventually became victims of a ransomware attack themselves. They took advantage of the situation to send micropayments to the attackers’ wallets to study what happened.

“Ransomware operators ultimately direct bitcoin to a central account that they cash out periodically, and by injecting a little bit of our own money into the larger flow we could identify those central accounts, see the other payments flowing in, and begin to understand the number of victims and the amount of money being collected,” McCoy said.

The researchers did draw the line at exploring certain aspects of the ransomware ecosystem such as the percentage of victims who paid the ransom to recover their files, citing ethical concerns. McCoy said that doing so could actually cause victims to have to pay a double ransom to recover their files.

An assistant professor of computer science and engineering at the NYU Tandon School of Engineering,  Damon McCoy has made criminal use of cryptocurrencies one of his research focuses and has previously used Bitcoin advertising to track human trafficking. The current research on cryptocurrency-related ransomware was supported in part by grants from the National Science Foundation, Google, and Comcast.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.