+ A

WannaCry malware brings tears, hassles to some Koreans

May 16,2017
이미지뷰
A staffer at the Korea Internet and Security Agency’s emergency center in Songpa, eastern Seoul, monitors a WannaCry attack on Monday. [JEON MIN-GYU]
The malware strain called WannaCry, which holds users’ computers hostage until they pay money, hit Korea and seems to be spreading.

Since Friday, some nine malware attacks were reported, including on the computer systems of Korea’s biggest movie theater franchise, CGV. Some 13 suspected cases were found as of 5 p.m. Monday, according to the state-run Korea Internet and Security Agency.

As of the same hour, the agency received 2,931 phone calls at its 118 emergency call number from users wondering if their computers were attacked by the malware, which in other countries has been demanding ransoms paid in Bitcoin.

Computer systems for the commercials that are played before movies at CGV theaters were infected Monday morning. As a result, ransom notes were displayed on movie screens in 30 branches nationwide promising to decrypt the infected computer files after a payment. Some 20 displays in lobbies or at ticket counters that show coming attractions also contracted the virus. CGV scrambled and ended up screening films without the commercials. Some of the commercial servers were later restored.

“We had no problem playing the actual movies,” said a spokesman for the chain. “We are still looking into the damages and monitoring the course of the recovery.”

The virus has afflicted hundreds of thousands computers in 150 countries around the world. A piece of software encrypts a computer’s files and will only decrypt the files in return for a payment, typically via Bitcoin, an online currency.

The targets of most malware attacks activate the malware when they click on a link or open a document contained in a spam email. But WannaCry is automatically activated on a computer connected to the internet.

Any Windows computer without Windows Patch MS17-010 is known to be vulnerable. Microsoft on Sunday officially released another patch.

It is unclear who is behind the attack. But it appears that a tool known as Eternal Blue developed by U.S. spies was used by the hackers to supercharge an existing form of criminal malware, according to the Financial Times on Saturday, which cited three senior cyber security analysts.

According to guidelines from the Korea Internet and Security, computer users are encouraged to disconnect their LAN and WiFi networks before booting their computers and to download security software on to their computers. The public agency also advised that users upgrade their computers’ firewall settings.

Even though the number of attacks in Korea is smaller than expected, the actual scale of damage could be substantial, according to cybersecurity experts, given that companies tend to be reluctant to report attacks to authorities.

In Spain, European telecom giant Telefonica succumbed to the hackers’ threat to shut down 85 percent of its computers in return for $550,000 in Bitcoin payments.

About 40 National Health Service trusts across England and Scotland were hit by the malware and some hospitals and general practitioners have been unable to access patient data, the BBC reported Monday. FedEx, the U.S. delivery services company, also fell victim.

Russia, which is often suspected of starting cyberattacks, was hit hardest this time, the New York Times reported.


BY SEO JI-EUN [seo.jieun@joongang.co.kr]