Legal Analysis on Ransomware Attack from Personal Information Protection Act, Company Act and Civil Code: Based on Information Security and Law Framework

Abstract

A ransom (ransomware) attack is defined as a cyber-attack that attempts to extort money (as ransom) in exchange for the recovery of data on the attacked terminal by using a malicious program called ransomware to encrypt the data. This paper attempts to advance the interpretation of ransomware attacks and law as they bring hard cases to the Personal Information Protection Act, the Civil Code, and the Company Act, and also discusses the development of the framework and proposes future lawmaking by applying the issue of ransomware attacks to the discussion framework of information security and law.