Korea on alert for ransomware attack, some damage reported

Korea remains on alert for the ransomware attack called WannaCry that has hit more than 230,000 computers in 150 countries since Friday.

As of Monday evening, a total of eight companies, including Korea's top theatre chain, and thousands of Internet Protocol addresses were reported to have been infected. No government organisations were found to have been hit by the attack yet.

"The figure (for the infections) is expected to rise as the week begins. We need thorough measures to prevent further damages on growing concerns about the spread of ransomware," said Yoon Young-chan, chief presidential secretary for public relations, during a briefing Monday.

"The government raised the nation's alert level on cyber crisis from attention to warning on Sunday evening in response to the ransomware attack that had caused damage across the globe," Yoon added.

The Ministry of Science, ICT and Future Planning, which is in charge of dealing with cyberattacks in the nation, said it had secured ransomware samples of a total of 48 mutated versions and shared them with local security software makers to respond to further damage.

There are around 280 mutated versions of WannaCry globally.

The ICT Ministry's suborganization Korea Internet & Security Agency urged local users to update their security software in order to prevent the ransomware attack, which misuses the vulnerabilities of Windows.

WannaCry, a ransomware programme targeting Microsoft Windows, is a type of malicious software that forces you to pay a ransom in order to access your own system.

This locks users out of their machines, demanding $300 (S$420) in Bitcoin -- a price which doubles after three days.

In Korea, the largest theatre chain CJ CGV was hit by the cyberattack at 50 of its theatre halls.

Thirty of its servers that release pre-movie commercials and 20 servers for commercials at lobbies were infected.

"Because of the ransomware infection, we are not able to show commercials at some theatres. We still have no problem showing movies," a CGV spokesperson said.

Apart from the movie theatres, there were reports of infections from a total of eight companies and more than 4,000 IP addresses, the government said.

There has been no report of damage in the government and the public sector yet.

"WannaCry is a highly dangerous ransomware as it can be automatically infected remotely. As ransomware attacks via emails are increasing, users should delete suspicious emails and back up important files," said Yoon Gang-taek, chief technology officer of the US software company Symantec Corp.

Experts said that small and medium-sized firms that still use older editions of Microsoft Windows systems, such as Windows XP, are more vulnerable to ransomware attacks.

Lim Jong-in, a professor at the graduate school of information security at Korea University, said, "This ransomware cyberattack is highly infectious and malicious. Companies need to update Windows to the latest version, which automatically patches an operating system."