회사소개

제품

안내

고객지원

Company

Product

Information

Support

Thông tin về công ty

Sản phẩm

Thông tin

Hỗ trợ chung

mainslide-img01

APT Defense No.1 Leader

Network & Endpoint Security Professional Company

npcore-main02

APT Defense No.1 Leader

Network & Endpoint Security Professional Company

npcore-main03

APT Defense No.1 Leader

Network & Endpoint Security Professional Company

npcore-main04

APT Defense No.1 Leader

Network & Endpoint Security Professional Company

mainslide-img01

APT Defense No.1 Leader

Network & Endpoint Security Professional Company

npcore-main02

APT Defense No.1 Leader

Network & Endpoint Security Professional Company

npcore-main03

APT Defense No.1 Leader

Network & Endpoint Security Professional Company

npcore-main04

APT Defense No.1 Leader

Network & Endpoint Security Professional Company

News & Notice more +

Title Date
NPCore participated in the '2017 Cybersecurity Business Partnership Day' to enter the US market.
▲ NPCore's CEO, Han, Seung-Chul, who participated in the '2017 Cybersecurity Business Partnership Day', is introducing products. Nine domestic information security companies participated in the '2017 Cybersecurity Business Partnership Day' held in Washington, D.C., US from June 7 to 8. The conference was hosted by the MSIFP(Ministry of Science, ICT and Future Planning) and KISIA and KOTRA to help domestic information security companies enter US market . 9 domestic information security companies and more than 30 promising US buyers participated in this conference and they had 1:1 business meeting and networking between companies. The domestic companies that participated in the conference were ▲ KIWONTECH (email security) ▲ NAONWORKS (convergence security solution), ▲ Nable Communications (communication security), ▲ SECUVE (system security and biometrics authentication), ▲ NPCore (endpoint security), ▲ EYL (quantum pulse generator), ▲ KTB Solution (security authentication system), ▲ Fasoo.com (Data and Application Security), ▲ HancomSecure (integrated password key management). At the 'Information Security Forum', which was held as an additional event, speakers such as the Federal Audit Office introduced US information security trends. The US information security market is the largest market in the world, taking about 40% of the global market. The federal government is actively investing and purchasing. US is one of the areas with high occurrence of cybercrimes all over the world and WannaCry Ransomware attack that was the hottest issue all over the world is still scaring US. So continuous increase of demand for information security is expected. KISIA and KOTRA are supporting domestic information security companies' entering US market due to MOU contract with the ISA(Security Industry Association) of US in 2015 when the dispatch of US economic delegation. Last year, following the Korea-US ICT Policy Forum, they held 'US Business Partnership' that 15 domestic information security companies participated in. KISIA's president Hong, Gi-yung said, "This conference will chance to show our company's original technology and strengthen the entry into the North American market, the world's largest information security market." KISIA and KOTRA will hold a '2017 UK Cybersecurity Business Partnership Day' in the UK at the end of June. Han Seung-Chul, CEO of NPCore which is one of the participating Korean companies, said, "Among the US buyers I consulted, ELITE System, ICS, and GINIA responded positively. US companies are generally positively considering data security product's installation and technology convergence to prevent this incident due to 'WannaCry Ransomware' attack which was big issue last month. To enter the US market with data security product, we need to prepare for this environment by reflecting the reality that we have to produce in US or OEMs and shift servers to the US and execute the update using the server in the US."
2017.06.19
'Erebus Ransomware' attacked and encrypted Web hosting company

After the file is decrypted, the Ransomware can still be executed.

▲ 에레버스 랜섬웨어 감염 화면. 하우리 제공 ▲ The screen attacked by Erebus Ransomware. Web hosting company 'Internet Nayana' was attacked by Erebus Ransomware on June 10th. 153 out of 300 Linux servers and websites of domestic enterprise and universities, organization, etc. managed by this company are attacked, and the files of 5,000 sites were encrypted, so a lot of damage is expected. Ministry of Science, ICT and Future Planning explained on 12th "Unlike WannaCry Ransomware, the Erebus Ransomware seems to target at certain company. Internet Nayana is currently recovering the server and KISA is also supporting the necessary actions." Internet Nayana announced as follows on the 11th through the notice. "Internet Nayana has thoroughly implemented security and double backup, but hacker attacked these server's data via Ransomware. We first confirmed the Ransomware attack at 01:30 on June 10, 2017, and immediately we reported it to KISA(Korea Internet & Security Agency) and the e-crime unit, so they're currently investigating. Erebus Ransomware targeted and attacked Linux servers and 153 Linux servers were attacked. The hacker's initial requirement for recovery was 10 bitcoin (28,845 USD) per Linux server. The hacker's final requirement on the 11th is 5.4 bitcoin (15,476 USD) per Linux server by 23:59 on June 14th. We tried to recover with the backed up data, but confirmed that the internal backup including the original file and the external backup were attacked and entrypted by Ransomware all. We are doing our best to protect our customers' interests by discussing other company that can take over about web hosting, server hosting, domain, consigned management : services originally managed by Internet Nayana. We are looking into ways to recover the data that Ransomware encrypted, but it is difficult to recover it right now because the investigation is being conducted by e-crime unit and KISA." They said. An official of KISA said, "It will take time to find the exact attacking route because of a lot of servers to analyze." "Erebus Ransomware is run by elevated privilege on the PC using the bypassing method the UAC(User Account Control) security function using the Windows Event Viewer. By modifying the registry, the ransomware hijacked the connection for the '.msc' extension and it is run according to the privilege of the Event Viewer executed in elevated mode. In order to make it difficult to trace, the Ransomware downloads the 'anonymous (Tor) browser client' itself and uses it for network communication. And encrypts key files including 70 extensions exist in the user PC. Also the Ransomware changes the file extensions using the 'ROT-3' encryption method. When encryption is complete, it displays an alert window and the Ransomware infection note. And it removes the 'Volume Shadow Copy' in the encryption process to delete recovery point, so Windows can not be restored. After the file is decrypted, Ransomware can still remain and be executed, so you should remove the Ransomware malware file also completely." [Source : DAILYSECU's Journalist Gil, Min-Kwon | mkgil@dailysecu.com | Monday, June 12th, 2017]
2017.06.18
NPCore launched and demonstrated new products in MPIS 2017

NPCore launched and demonstrated new products in MPIS 2017

▲ 엔피코어 권경남 차장은 ‘우리를 위협할 의료기관 최신 APT 및 랜섬웨어 공격 대응 방안’을 주제로 발표를 진행. MPIS 2017. Medical Center Privacy Information Security Conference (MPIS) 2017 was held on May 18th at the Korean Federation of Science and Technology Hall with the participation of about 400 medical information security practitioners successfully. At this conference, NPCore's director, Kwon, Kyung-Nam presented the theme of 'The countermeasures against the latest APT and Ransomware attacks threatening medical center'. He explained Ransomware attack trends and countermeasures with WannaCry Ransomware case and demonstrated new product at booth exhibition. ▲ 권경남 차장, MPIS 2017 발표현장 [Source : DAILYSECU's reporter, Gil, Min-Kwon | mkgil@dailysecu.com  Monday, May 22nd, 2017]
2017.06.12
WannaCry ransomware massively attacks computer systems all over the world
wannacry infection map A new ransomware strain named WannaCry (aka WannaDecryptor, aka WannaCryptor, aka WanaCypt0r, aka WCry) has infected more than 57,000 computers in 74 countries around the world so far. According to Avast malware researcher Jakub Kroustek, most of the detections are coming from Russia, Ukraine, India and Taiwan. wannacry attack distribution Kaspersky Lab forum users report that the WannaCry ransomware managed to infiltrate the internal computer system of the Ministry of Internal Affairs of Russia and Investigative Committee of Russia. “It first appeared in February 2017, but now it’s updated and looks different than previous versions”, said one of the Kaspersky Lab forum users. Spain’s Computer Emergency Response Team CCN-CERT also posted an alert on their site about a widescale ransomware attack affecting a few Spanish organizations. The National Health Service (NHS) in the U.K. also issued an alert and confirmed infections at 16 medical institutions. The WannaCry attacks are initiated using an SMBv2 remote code execution in Microsoft Windows OS. The EternalBlue exploit has been made publically available through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft on March 14. However, many companies and public organizations have not yet installed the patch to their systems. The ransomware encrypts the files and also drops multiple ransomware notes on different languages. WannaCry demands to pay $300 in Bitcoin wallet. WannaCry virus provides timer countdown warning that the payment amount will be raised after 3 days and the victim will completely lose their personal files after 7 days. wannacry ransom demand The ransomware also changes the victim’s wallpaper with instructions on how to pay the ransom demand and how to get the decryptor tool. wannacry ransom note The transactions statistics of Bitcoin wallets used by WannaCry creators show that some of the victims have already paid the ransom. The file extensions targeted by the WannaCry ransomware include:
  • Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
  • Archives, media files (.zip, .rar, .tar, .bz2, .mp4, .mkv).
  • Emails and email databases (.eml, .msg, .ost, .pst, .edb).
  • Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
  • Developers’ sourcecode and project files (.php, .java, .cpp, .pas, .asm).
  • Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).
  • Graphic designers, artists and photographers files (.vsd, .odg, .raw, .nef, .svg, .psd).
  • Virtual machine files (.vmx, .vmdk, .vdi).

How to Prevent WannaCry infection?
1. Make sure that all hosts have enabled endpoint anti-malware solutions. 2. Install the official Windows patch (MS17-010), which closes the SMB Server vulnerability used in this ransomware attack. 3. Scan all systems. After detecting the malware attack as MEM:Trojan.Win64.EquationDrug.gen, reboot the system. Make sure MS17-010 patches are installed. 4. Backup all important data to an external hard drive or cloud storage service. [Source : MalwareLess, May 12, 2017, https://malwareless.com/wannacry-ransomware-massively-attacks-computer-systems-world] A more obvious defense is to install a Zombie ZERO that defends a new Ransomware based on behaviors. Zombie ZERO can defend the second WannaCry against new and variant Ransomware without signatures. Existing antiviruses can not prevent the upcoming WannaCry, a new malware. For more information, please call +82-2-1544-5317 or visit www.npcore.com. Go to Ransomware Response Solution on Endpoint : ZombieZERO EDR for Ransomware
2017.05.14
NPCore signed an agreement with BlueZebra to distribute in Thailand and expanded its market in Southeast Asia.
hoh_1612hoh_1575   NPCore signed an agreement with BlueZebra to distribute in Thailand and expanded its market in Southeast Asia. On April 25, 2017, NIPA and KAIT held a Thailand-Korea ICT Road Show 2017 at the Anantara Siam Bangkok Hotel in Thailand. 23 Korean ICT companies including NPCore attended. The company has a 1:1 business meeting with six local companies including BlueZebra, CAT Telecom, PlanetComm, Control Data (CDG), i-en and XPLINK. Among them, NPCore received positive responses from BlueZebra, CAT Telecom, PlanetComm and CDG. Particularly, after returning to Korea, NPCore acrively promoted the plan about the partnership agreement with BlueZebra and the PoC with CAT Telecom. As the result, on May 4th, NPCore signed a distributorship contract with BlueZebra in Thailand and planned PoC with CAT Telelcom concretely to be the first step of local distributor activity. NPCore's CEO, Han, S.C. said "This agreement helped expand the Southeast Asian market to Thailand. I'm planning to visit Thailand again within May to support PoC."
2017.05.10

Malicious behavior detect report more +