27 financial firms receive threats from hackers

July 01, 2017
Korean financial institutions have become a major target of an international hacking group called Armada Collective. The group sent extortion messages to around 20 institutions including Korea Exchange, major banks and securities companies last week, threatening DDoS attacks unless they pay up in bitcoin.

The group demanded 10-15 bitcoin from each institution. That range of bitcoin was worth $24,784.30 - $37,176.45 as of June 30, according to CoinMarketCap, an online cryptocurrency site.

“At least 27 financial institutions have received the email,” said a source at the IT and financial information protection division of the Financial Supervisory Service.

The source said no institution has actually been attacked by the group so far.

The cyber gang threatened the companies with denial of service attacks on July 3 if they didn’t pay.

The Financial Supervisory Service called on the companies not to give in to the extortion, saying that it will continue to track and monitor the situation.

The hacking group targeted multinational VPN providers last year, but didn’t follow through with the emailed threats.

A local web hosting firm called Internet Nayana was hit by a ransomware attack earlier this month and resorted to paying the suggested demand of 1.3 billion won ($1.1 million) worth of bitcoin.

Korean branches of companies that were already vulnerable to hacking or business partners of the affected companies, in particular, were put on alert for a new strain of ransomware called Petya.

This week, Petya disrupted the shipping industry around the globe. According to Maersk Line, the world’s largest container shipper, it was forced to shut down computer systems at multiple locations and different business units to contain the bug following a global Petya cyberattack on Tuesday.

Industry insiders say the new malware can cause greater damage than the previous variation, the WannaCry ransomware, which disrupted over 230,000 computers in over 150 countries earlier in the year. The malware hijacks a computer’s Microsoft Windows operating system and encrypts files. The companies have to pay for the files to be un-encrypted.

Due to this week’s attack, Maersk shut down some of the 76 ports it operates through affiliate APM Terminals. The latest update given by the Danish shipper Thursday said, “The situation continues to improve.” However, it didn’t give a detailed timeline for the restoration of its business to normality.

Korea’s shipping business could be affected as Hyundai Merchant Marine has formed a strategic partnership with 2M, an alliance consisting of the world’s two largest shippers: Maersk Line and Mediterranean Shipping Company (MSC). The so-called 2M+HMM strategic cooperation took effect in April.

According to Hyundai Merchant Marine on Friday, some of its cargo is loaded on vessels of Maersk, which means the location of that cargo is hard to track at the moment. Also, with operations of some APM Terminals affected, including terminals in Los Angeles, HMM cargo headed to that terminal is affected. While a container ship of MSC was carrying some HMM cargo to Los Angeles for arrival by Thursday local time, it is looking for another terminal to berth, according to updates from the Korean company as of Friday afternoon.

“We are keeping in close touch with Maersk to minimize damage,” a spokesperson from Hyundai Merchant Marine said.

The spokesperson added HMM’s cargo on either Maersk or MSC’s ships is not a large amount.

The Korean shipping line formed an emergency task force to guard against possible damage from a cyberattack on Hyundai’s operations.

“Under our CEO’s control, a task force was formed Wednesday right after we heard the news related to Maersk,” the spokesperson added. “The heads of our overseas offices are part of the task force and are delivering to us on-site situations and updated notices from Maersk.”

While HMM’s systems have not been directly affected by any cyberattacks, it is keeping a close watch on the recovery of Maersk’s IT systems.

The Korean branch of U.S. pharmaceutical company Merck Sharp & Dohme (MSD) was also reported to be affected by the malware.

The original infection was from its U.S. headquarters and it spread through the company’s internal network. An MSD-Korea spokeswoman said they found infections in some computers late Tuesday night and are currently cooperating with an outside IT company for recovery. She confirmed, however, that most of the operations at the Korean branch are back to normal.

Despite the growing threats, many Korean companies are not prepared for cyberattacks.

Only 32.5 percent of surveyed companies said they spend money on information security, according to the Korea Internet & Security Agency.

The remaining 67.5 percent responded that they allocate no budget for information protection.

“Not all financial companies are willing to set aside enough of a budget for security,” said a source at the Financial Security Institute, an independent security agency for the finance sector.

BY PARK EUN-JEE, KIM JEE-HEE [park.eunjee@joongang.co.kr]