“Backup Complete” Statement Was False: Yes24 Paid Hackers in Bitcoin to Contain Damage

Yes24, one of Korea’s largest online bookstores and content platforms, has come under intense scrutiny after it was revealed that the company paid an undisclosed amount of Bitcoin to hackers responsible for a major ransomware attack. This contradicts the firm’s earlier claims that all systems were fully backed up and that no negotiations or payments were underway.

The ransomware incident became evident when Yes24’s website and internal systems were abruptly disabled, preventing customers from accessing purchases, e-books, and order histories. In its initial statements, the company insisted that “backup data is complete,” reassuring the public that recovery was progressing and no sensitive customer information had been compromised.

However, multiple cybersecurity industry sources have confirmed that Yes24 eventually negotiated directly with the attackers, who had encrypted critical systems and threatened to leak internal data. According to these reports, the company transferred Bitcoin to the perpetrators to obtain decryption keys and to prevent disclosure of stolen files. While the precise amount of cryptocurrency has not been disclosed, estimates suggest the ransom may have exceeded tens of millions of Korean won.

The revelation has triggered public outrage, as customers accuse Yes24 of issuing misleading statements designed to minimize reputational damage. Critics point out that the company repeatedly emphasized the completeness of its backup infrastructure and claimed no ransom would be paid—a position that ultimately proved untrue.

Cybersecurity experts caution that while ransom payments can sometimes be the fastest way to restore operations, they also incentivize further attacks by demonstrating that high-profile companies are willing to negotiate. “Paying ransoms fuels the ransomware economy and signals to attackers that their tactics are effective,” one analyst noted.

Yes24, for its part, issued a subsequent statement acknowledging that some backup data was partially compromised and that a decision was made to “protect customer interests and ensure service continuity.” The company also pledged to strengthen its security systems and commission an external audit to clarify the incident’s full scope.

Regulatory authorities have indicated they may investigate whether Yes24’s disclosures violated consumer protection or data security laws. Meanwhile, customers continue to report issues accessing historical purchases, and trust in the platform has been significantly undermined.

The incident underscores the growing threat of ransomware attacks in Korea’s digital commerce sector—and raises difficult questions about transparency, corporate responsibility, and the unintended consequences of quietly paying cryptocurrency ransoms.