Regarding the recent ransomware hacking incident at the online bookstore YES24, the Korea Internet & Security Agency (KISA) refuted YES24's claim that it is "working closely with KISA" as being untrue.
On the 12th, KISA stated, "YES24 mentioned in its second statement released on the 11th that it is 'doing its utmost to analyze the cause and restore operations in cooperation with KISA,' but this is not true." It further explained, "To assess the situation of the incident, KISA analysts visited the YES24 headquarters twice on the 10th and 11th, but to date, YES24 has not cooperated with KISA's technical support."
It also noted, "So far, besides verbally sharing the situation at the time from YES24 during the initial site visit on the 10th, KISA has not confirmed anything further or conducted any investigations in cooperation with YES24." It added, "KISA plans to request continuous cooperation from YES24 so that it can quickly restore services and conduct an analysis of the cause of the incident."
While KISA experts were on standby at the headquarters to identify the cause of the hacking and manage the incident, it was reported that they were turned away by YES24, which issued a false statement suggesting it was cooperating with the authorities.
The explanation that KISA received from YES24 was limited to the existence of the ransomware problem. No information was obtained regarding how many servers were infected with malware, the extent of the damage, or the type of attack.
Previously, YES24 stated in its 'second statement regarding service access issues' that "the Chief Security Officer, Kwon Min-seok, and the related department are doing their utmost to analyze the cause and restore operations in cooperation with KISA." It also claimed, "As of now, the investigation results confirm that there has been no leakage or loss of any major data and that it remains preserved normally."
YES24 explained, "In the event of ransomware infection, if corporations have specialized analysis teams, they follow the procedure of conducting the primary analysis in-house and then reviewing it in conjunction with KISA." It added, "YES24 has an information security team and is conducting a joint investigation with KISA according to this procedure." YES24 has been experiencing access issues for the fourth day due to the ransomware hacking attack.