Yes24 Hit by Ransomware, Forcing Shutdown of Ticketing Platform
South Korea’s largest ticketing service, Yes24, suffered a crippling ransomware attack on June 9, rendering both its website and mobile app inoperable and causing major disruptions across the K-pop and entertainment industries.
Yes24, which serves over 20 million registered users, first detected the intrusion early Monday morning. Company officials confirmed that the attack disabled both primary and backup servers and targeted critical internal files essential for system operations.
“We are currently working to determine the exact cause of the disruption and the extent of the damage,” the company stated.
Four Days of Chaos and Cancellations
The platform outage persisted for more than four days, leading to significant fallout. Popular K-pop group Enhypen canceled a fan event for their new album launch, while Seoul’s “Beautiful Mint Life” music festival faced severe logistical issues. Thousands of attendees were reportedly locked out of their reservations, with many being turned away at event venues for lack of printed tickets.
In addition:
- Presale ticketing for acts like Ateez, B.I., and Park Bo-gum was postponed.
- Ticket holders for ongoing concerts and theater productions were instructed to bring physical ticket copies, further inconveniencing fans.
Delay in Disclosure Draws Criticism
While the attack occurred early Monday, Yes24 initially blamed system maintenance, delaying formal breach notification for over 36 hours. The Korea Herald reports growing criticism over the company’s slow disclosure and lack of transparency.
Yes24 has since implemented enhanced security measures and notified the Korea Internet & Security Agency. A full recovery of services is expected by Sunday, according to the latest company update.
Customer Data Exposure Still Unclear
In an updated statement on Thursday, Yes24 said there was no confirmed evidence of personal data leaks, but added that if investigations reveal otherwise, affected users will be contacted individually.
Yes24 warned that the attack was carried out by an “unidentified person” and urged users to remain vigilant. The company specifically advised customers to:
- Change passwords
- Monitor accounts for unauthorized activity
- Avoid clicking on suspicious emails or text messages
- Delete messages from unclear sources
“Do not click on links or attachments from unclear sources and delete them immediately,” the company advised.
The Solution: Air-Gapped and Immutable Backup Protection
Cyberattacks targeting entertainment, e-commerce, and digital service platforms are increasingly disrupting critical operations. The Yes24 breach demonstrates the real-world consequences of downtime, data risk, and customer trust loss—especially when backup systems are also disabled.
To defend against ransomware and ensure fast recovery, enterprises are turning to air-gapped and immutable backup systems built for operational continuity in crisis scenarios.
If you’re looking to strengthen your defenses, check out this enterprise-grade option built specifically for ransomware resilience:
StoneFly DR365 for Veeam—a fully air-gapped, immutable backup and recovery appliance trusted by large organizations to ensure operational continuity even during sophisticated cyberattacks.
