2022 Volume 21 Pages 68-88
A ransom (ransomware) attack is defined as a cyber-attack that attempts to extort money (as ransom) in exchange for the recovery of data on the attacked terminal by using a malicious program called ransomware to encrypt the data. This paper attempts to advance the interpretation of ransomware attacks and law as they bring hard cases to the Personal Information Protection Act, the Civil Code, and the Company Act, and also discusses the development of the framework and proposes future lawmaking by applying the issue of ransomware attacks to the discussion framework of information security and law.