Guía contra ransomware para PYMES coreanas: prevención, respuesta y recuperación

Corea registró 56 ataques de ransomware en 2025. 93% de las víctimas fueron PYMES.

Key Statistics (2025)

Metric	Number
Annual attacks	56 (5-year high)
SME victims	93%
Average downtime	16 days
Recovery rate after payment	~65%

Attack Vectors

Vector	Share
Email attachments	35%
Remote Desktop (RDP)	25%
Software vulnerabilities	20%
Supply chain attacks	10%
Other (USB, websites)	10%

Prevention: 3-2-1 Backup Rule

The foundation of ransomware defense:

• 3 copies of data
• 2 different storage types (NAS + external drive)
• 1 offline copy (air-gapped)

Security Basics

• Update all software regularly
• Disable or secure RDP behind VPN
• Use strong admin passwords (12+ characters)
• Enable multi-factor authentication (MFA)
• Train employees on phishing recognition
• Install real-time antivirus

KISIA Free Protection Program

KISA provides free security services to 41 SMEs including vulnerability assessments, ransomware response solutions, and security training. Apply at boho.or.kr.

During an Attack

Never Do

• Pay the ransom — no guarantee; marks you as repeat target
• Keep working on infected PC
• Delete encrypted files

Immediate Actions

1. Disconnect from network — unplug LAN, disable Wi-Fi
2. Report to KISA 118
3. Preserve evidence — screenshot ransom notes
4. Verify offline backups
5. Contact security professionals

Recovery: No More Ransom

nomoreransom.org offers free decryption tools. Use "Crypto Sheriff" to identify your ransomware. Never delete encrypted files — new decryption tools are regularly added.

Sharing Backup Credentials Safely

SMEs need to share backup admin passwords among team members. Sending via WhatsApp risks permanent exposure.

Use LOCK.PUB to create password-protected links:

1. Write backup credentials as a secure memo
2. Set password + expiration time
3. Share link with authorized personnel
4. Send password via separate channel (phone call)

Auto-deletes after expiration — no sensitive data in chat history.

Summary

Phase	Key Actions
Prevention	3-2-1 backup, updates, MFA, KISIA
During attack	Disconnect, KISA 118, never pay
Recovery	nomoreransom.org, restore from backup
Credentials	LOCK.PUB for safe sharing

Prevention is the best defense. Never pay the ransom.