
Don’t Pay Bitcoin Ransoms, South Korean Govt Tells Banks Facing DDoS Threats

Last Updated March 4, 2021 4:57 PM
Samburaj Das

The Financial Supervisory Service of South Korea has told local banks not to cave in to threats by DDoS attackers following this month’s million-dollar bitcoin ransom paid by South Korean web hoster Nayana, the victim of a ransomware attack.

According to local reports, the Financial Supervisory Service (FSC) sent official letters to a number of local financial companies on Monday, urging them not to yield to threats by DDoS attackers. The Korea Times reports that the infamous DDoS group, the Armada Collective, sent threats to at least seven banks, some securities brokerages and the operator of the Korea Exchange last week. The seven banks include some of Korea’s largest lenders, namely: Shinhan, Kookmin, Woori, KEB Hana, Nonghyup, IBK, and KDB.

The precedent was set by South Korean web hosting firm Nayana, which paid out a total of 397.6 bitcoins (over $1 million at the time) to recover the data of websites belonging to some 3,400 customers following a ransomware attack that began a fortnight ago.

The threat: In extortion messages sent to these financial institutions between June 20 and June 23, the Armada Collective demanded between 10 and 15 bitcoins (approx. $24,000 – $36,000), threatening disruption via DDoS attacks if the demand was not met.

The attackers already carried out attacks against smaller banks on Monday. The Korea Financial Telecommunications & Clearings Institute (KFTC) received an extortion threat at 9:50 AM on Monday, immediately followed by a minor DDoS attack at 9:52 AM. The attack lasted for 16 minutes, according to the Korea Times report.

Notably, the Armada Collective’s threat has marked Wednesday as ‘D-day’, with the threat of a large-scale attack to be carried out tomorrow. The DDoS group has successfully extorted companies in the past. A high-profile incident in late 2015 saw encrypted email service provider Protonmail give in to a demand of 15 bitcoins (approx. $6,000 at the time) to stop crippling DDoS attacks that exceeded 100 Gbps.

A report from Business Korea adds that Korea’s FSC has triggered an ‘emergency procedure’ with banks, mobile carriers and the Financial Security Institute as a precautionary measure in the wake of these recent threats.

FSC governor Zhin Woong-seob also met with bank CEOs on Monday and was reported as stating:

With the expansion of fintech, cyber risk is increasing with hackers attacking the financial sector. We need to take measures to fend them off.
