[Weekend Briefing] Ransomware attack at taxi company causes chaos in South Korea

[Weekend Briefing] Ransomware attack at taxi company causes chaos in South Korea

By Kuksung Nam and Dain Oh, The Readable
Jul. 22, 2022 8:20PM KST

Hello, it’s Kuksung Nam and Dain Oh in South Korea. We have picked five news stories for you. For the next week, we will have summer break. Have a great weekend!

1. Ransomware Attack at Taxi Company Causes Chaos in South Korea

A ransomware attack on July 17 paralyzed the networks of a taxi service company, which provides the operating system for ride hailing services through smartphone applications and phone calls. Taxi drivers and passengers across the country, including the cities of Busan, Daejeon, and some parts of Gangwon province, were affected by the attack for more than three days. “2933 taxi cabs were using the operation system that was infected with ransomware. We have been notified that approximately 80% of the cabs are back in business,” said an official in the city of Daejeon on Friday. The company paid the ransom to the hacker and got the decryption key for restoring their computer system. “We are still recovering the servers that are infected. We are not sure when the servers will be fully recovered,” said the official of the company. The local news reported that the hacker used a Russian IP address, and the police are investigating the possibility of both domestic and foreign actors.

2. South Korean Court Rules in Favor of Protecting Personal Data

The Constitutional Court of South Korea ruled on Thursday in a 9-0 decision that the Telecommunications Business Act violates the constitutional rights of the individual to disclose and determine the use of their personal data. Under the current Telecommunications Business Act, telecommunication companies in South Korea can reveal the personal data of specific users if requested by law enforcements. The personal data includes names, registration numbers, addresses, and cell phone numbers. Furthermore, the companies are not obliged to notify users whose information has been delivered to the investigators. “The act [of law enforcement] of requesting and receiving the personal information from the telecommunication companies does not violate the constitution,” the Constitutional Court said in a statement. “The act of not notifying the individual of the transaction violates the constitution.”

3. Drug Suspects Who Grew Cannabis and Sold It Through the Dark Web Were Arrested

South Korean law enforcement apprehended a total of 67 drug suspects, including those who grew cannabis in city stores, a local police agency announced Thursday. According to a press release by Gyeonggi Nambu Police Agency, a police agency which oversees the southern province of Gyeonggi-do, three suspects organized a drug gang from August 2021 to May 2022 and cultivated cannabis in four stores, located in Seoul, the capital city of South Korea. The gang divided up the roles, such as supplying, recruiting, and money laundering, and sold cannabis through the dark web. Some of the other suspects used an abandoned factory in Gyeonggi province as a cannabis farm and sold cannabis through the dark web from March to August of last year. Eleven suspects were found to be related to cultivating and selling cannabis and 56 suspects were found to have bought the suspects' cannabis on the dark web. The police arrested the buyers simultaneously. “Even though criminals are using the dark web and virtual assets in order to avoid detection, the police are utilizing a cutting-edge technology to track criminals,” said the spokesperson for the agency.

4. Seoul National University Hospital Data Breach May Put 810,000 Patients at Risk

A cyber-attack on one of the largest university hospitals in South Korea may have compromised the personal information of as many as 810,000 patients, according to the hospital’s data breach report.  The Seoul National University Hospital, which provides medical service to 9,000 outpatients per day, suffered a cyber-attack in June 2021. On July 8, the hospital said in a notice on its website that the police had discovered an additional data breach while investigating the cyber-attack. Although the hospital revealed the types of data that may have been compromised, the organization did not disclose the number of patients that have been affected by the data breach. The revelation came after South Korean Congressman Jeon Yong-gi released the hospital’s report to the press on Monday. Meanwhile, a local news agency reported last year that a hacking group sponsored by the North Korean government could be responsible for the attack.

5. South Korean Officials Raid Crypto Exchanges in Probe of Luna Crash

The investigation of the meltdown of the cryptocurrencies Terra and Luna is taking a step forward in South Korea. The Seoul Southern District Prosecutors Office said they had executed a search warrant Wednesday at 15 properties as part of an investigation into a fraud charge filed against the founder and the co-founder of Terraform Labs. Terraform Labs is the company behind the Terra and Luna stablecoins. The founder and the co-founder of the company are facing a legal challenge in South Korea over the collapse of the Terra and Luna cryptocurrencies. Seven local cryptocurrency exchanges were raided that night over the same claims, according to the officials. The Seoul Southern District Prosecutors Office said that they could not disclose information about the data the prosecutors collected because the case is still under investigation. The local news reported on July 20 that a team of investigators carried out the search and seizure operation for the Luna and Terra transaction records of the founder and the co-founder of Terraform Labs.


The cover image of this article was designed by Sangseon Kim.

Kuksung Nam is a cybersecurity journalist for The Readable. She covers cybersecurity issues in South Korea, including the public and private sectors. Prior to joining The Readable, she worked as a political reporter for one of the top-five local newspapers in South Korea, The Kyeongin Ilbo, where she reported several exclusive stories regarding the misconduct of local government officials. She is currently focused on issues related to anti-fraud, as well as threats and crimes in cyberspace. She is a Korean native who is fluent in English and French, and she is interested in delivering the news to a global audience.

Dain Oh is an award-winning cybersecurity journalist based in South Korea and the founding editor-in-chief of The Readable by S2W. Before joining S2W, she worked as a reporter for The Electronic Times, the top IT newspaper in Korea, covering the cybersecurity industry on an in-depth level. She reported numerous exclusive stories, and her work related to the National Intelligence Service led to her being honored with the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology in a unanimous decision. She was also the first journalist to report on the hacking of vulnerable wallpads in South Korean apartments, which later became a nation-wide issue.