**Ransomware Attack Disrupts Operations at South Korean Conglomerate Kyowon**

A devastating ransomware attack has brought operations to a grinding halt at South Korea's Kyowon conglomerate, exposing customer data and sparking concerns about the potential impact on millions of people. The company, which operates across various sectors including education, publishing, media, and technology, is still reeling from the effects of the cyberattack.

**A Weekend of Chaos**

It all began on Saturday, January 10, when Kyowon's IT team detected abnormal activity on its servers. Recognizing the severity of the situation, they immediately triggered an emergency response protocol to isolate affected systems and prevent further compromise. However, it soon became apparent that a ransomware attack had occurred, with data potentially leaking into the dark web.

**The Extent of the Damage**

In a statement released on January 12, Kyowon confirmed that multiple affiliate websites remained offline as they worked with external cybersecurity experts to restore systems and assess the breach. The conglomerate's various subsidiaries, including Kyowon Kumon, Wiz, Life, Tour, Property, Healthcare, and Start One, were all affected by the attack.

**A Timeline of Events**

According to an incident report filed with the Korea Internet & Security Agency (KISA) and obtained by The Asia Business Daily, the attacker exploited an open external port to infiltrate Kyowon's network. From there, they spread laterally across subsidiaries, disrupting major services and databases. It is estimated that around 9.6 million accounts may have been impacted by the cyberattack.

**The Investigation Continues**

At the time of writing, no major ransomware group has claimed responsibility for the Kyowon attack. Authorities are still investigating the breach and assessing its potential impact on customer data. In a statement, Kyowon assured customers that they were taking all necessary measures to protect their personal information.

**A Growing Concern in South Korea**

The Kyowon breach is just the latest in a string of high-profile cyberattacks targeting South Korean companies. Recent incidents include Coupang, which affected 33.7 million customers; Korean Air, which exposed staff information; and SK Telecom, which revealed a malware breach dating back to 2022 that exposed USIM data of 27 million subscribers.

**Staying Ahead of the Threat**

As the cyber threat landscape continues to evolve, it's essential for companies to remain vigilant and proactive in their security measures. With the rise of ransomware attacks, it's crucial for organizations to invest in robust cybersecurity solutions and stay informed about the latest threats and vulnerabilities.

**Stay Up-to-Date with Security Affairs**

For the latest updates on cyber threats and breaches, follow me on Twitter: @securityaffairs and Facebook and Mastodon.