Second ransomware attack in two months disrupts South Korean ticketing giant

South Korea’s largest ticketing and online book retailer, Yes24, said it has restored services after a ransomware attack knocked its website and mobile app offline for several hours on Monday — the company’s second such incident in less than two months.

The disruption began around 4:30 a.m. local time, preventing customers from booking concert tickets, accessing e-books and using community forums. Yes24 said it took its systems offline to prevent further damage and relied on backup data to recover operations within seven hours. 

The company did not name the attackers or say if a ransom was demanded.

The outage caused panic among fans of K-pop band DAY6, whose general ticket sales for its “The Decade” tour were scheduled to open at 8 p.m. the same day. Yes24, the exclusive ticketing partner for the concert, resumed sales as planned once services were restored.

Ransomware also temporarily crippled Yes24 earlier this summer. An attack in June forced the company offline for about five days, disrupting ticket sales for high-profile acts such as Park Bo-gum, Enhypen, Ateez and rapper B.I. The incident also delayed multiple K-pop presales and fan events. The Korea Internet & Security Agency (KISA) said at the time the company lacked an offsite backup system, which slowed down the recovery.

Following the June breach, Yes24 pledged to “review its security from the ground up,” hire an external advisory group, boost its cybersecurity budget, and overhaul its systems. Local media and customers have criticised Yes24’s leadership this week for failing to prevent another breach despite those promises and for providing limited updates during the latest incident.

Yes24 has faced security issues before. It was fined in 2016 and 2020 for violating South Korea’s Personal Information Protection Act, and in 2022 a teenage hacker stole 1.43 million e-book decryption keys from the company’s systems, according to local media.

Ticketing platforms are attractive targets for cybercriminals because they store large volumes of personal data, process high-value transactions, and face pressure to resume operations quickly to avoid damaging high-profile events.

In the United States, platforms such as StubHub and Ticketmaster have been targeted in similar attacks, including during ticket sales for Taylor Swift’s Eras Tour. In France, the ticketing system for the popular Paris Saint-Germain soccer club faced an attack last year.