“Server Backup Completed” Yes24 Clarification, It Was False… “Paid Hundreds of Billions in Bitcoin to Hackers”

|

Yes24 Hacking Incident, Controversy Over False Explanation Spreads

Yes24 is facing controversy for providing misleading explanations during the recent ransomware hacking incident.

Previously, on the 9th, all services of Yes24 were suspended due to a ransomware hacking attack.

A 'ransomware' attack is a hacking method where hackers use malicious code to encrypt a system or data and then demand money, considered one of the most threatening forms of cyber attacks targeting businesses and institutions.

On the third day of the hacking incident, Yes24 stated, "Server backup is complete, and recovery work is in progress," but the reality was different.

Image 1

According to an exclusive report by JTBC on the 25th, it was revealed that Yes24 had requested hackers to decrypt their server by paying billions of won worth of Bitcoin at that time.

A security industry insider told JTBC, "Yes24 did not properly copy and store the servers where key data such as payment records and order information were saved."

Image 2

He added, "As the downtime extended, the company had no choice but to pay a large amount of Bitcoin to the hackers who conducted the ransomware attack."

The information stored on the servers was not backed up in time, leading to the use of last resort measures.

Yes24 is reported to have paid billions of won in Bitcoin to the hackers.

Image 3

Issues of Poor Security Management Come to Light

This incident has revealed serious issues in the security management system of Yes24, a major online bookstore and ticket booking platform in South Korea.

Professor Hwang Seok-jin from Dongguk University’s Graduate School of International Information Security pointed out in the media, "One should never compromise with hackers," and suggested, "I think they may have compromised due to the fact that full recovery was not possible."

Yes24 had previously been embroiled in a 'false explanation controversy' on the 12th.

The company stated, "We are doing our utmost to analyze the cause and carry out recovery work in cooperation with the Korea Internet & Security Agency (KISA) under the Ministry of Science and ICT," but KISA said, "There are parts of Yes24's announcement that are factually incorrect," adding that there had actually been no cooperation from Yes24.

KISA officials reported, "Despite requests for technical cooperation for accident analysis and recovery, Yes24 did not allow access. Although experts were on-site, proper investigations were not conducted for two days."

In response, Yes24 stated, "For companies with specialized analysis teams, we follow a procedure of conducting a first-level internal analysis and then conducting a comprehensive review with KISA."

The company also added that "This incident serves as an opportunity to reevaluate our security system from the ground up."

Naver TV 'JTBC News'

Image Source: News1, Reference images for understanding the article / gettyimagesbank, jtbc

recent NEWS