韓國中小企業勒索軟體應對指南:預防、回應與復原
2025年韓國報告56起勒索軟體攻擊創歷史新高,93%的受害者是中小企業。

韓國中小企業勒索軟體應對指南:預防、回應與復原
2025年韓國報告56起勒索軟體攻擊創歷史新高,93%的受害者是中小企業。
Key Statistics (2025)
| Metric | Number |
|---|---|
| Annual attacks | 56 (5-year high) |
| SME victims | 93% |
| Average downtime | 16 days |
| Recovery rate after payment | ~65% |
Attack Vectors
| Vector | Share |
|---|---|
| Email attachments | 35% |
| Remote Desktop (RDP) | 25% |
| Software vulnerabilities | 20% |
| Supply chain attacks | 10% |
| Other (USB, websites) | 10% |
Prevention: 3-2-1 Backup Rule
The foundation of ransomware defense:
- 3 copies of data
- 2 different storage types (NAS + external drive)
- 1 offline copy (air-gapped)
Security Basics
- Update all software regularly
- Disable or secure RDP behind VPN
- Use strong admin passwords (12+ characters)
- Enable multi-factor authentication (MFA)
- Train employees on phishing recognition
- Install real-time antivirus
KISIA Free Protection Program
KISA provides free security services to 41 SMEs including vulnerability assessments, ransomware response solutions, and security training. Apply at boho.or.kr.
During an Attack
Never Do
- Pay the ransom — no guarantee; marks you as repeat target
- Keep working on infected PC
- Delete encrypted files
Immediate Actions
- Disconnect from network — unplug LAN, disable Wi-Fi
- Report to KISA 118
- Preserve evidence — screenshot ransom notes
- Verify offline backups
- Contact security professionals
Recovery: No More Ransom
nomoreransom.org offers free decryption tools. Use "Crypto Sheriff" to identify your ransomware. Never delete encrypted files — new decryption tools are regularly added.
Sharing Backup Credentials Safely
SMEs need to share backup admin passwords among team members. Sending via LINE risks permanent exposure.
Use LOCK.PUB to create password-protected links:
- Write backup credentials as a secure memo
- Set password + expiration time
- Share link with authorized personnel
- Send password via separate channel (phone call)
Auto-deletes after expiration — no sensitive data in chat history.
Summary
| Phase | Key Actions |
|---|---|
| Prevention | 3-2-1 backup, updates, MFA, KISIA |
| During attack | Disconnect, KISA 118, never pay |
| Recovery | nomoreransom.org, restore from backup |
| Credentials | LOCK.PUB for safe sharing |
Prevention is the best defense. Never pay the ransom.
相關關鍵詞
推薦閱讀
法國2025年網路詐騙:主要威脅及防範指南
Hub article: top scam types in France 2025. Fake bank advisor (#1), phishing, CPF fraud, marketplace scams, romance scams, SIM swap, deepfake, ransomware. Report to Cybermalveillance.gouv.fr.
Wallapop和Milanuncios詐騙2025:手法、警告信號與防範
2025年Wallapop和Milanuncios防詐騙指南。假發貨頁面、Bizum反向請求、通過假驗證竊取身份。
日本信用卡盜刷防範與應對指南:2025最新版
日本信用卡盜刷的最新手法與防範措施。EMV 3-D Secure義務化、交易提醒、賠償制度。