Cyber Incident Victim: Zabicall

Date: Jul 2022

Location: South Korea

Summary

A South Korean call taxi service provider experienced a ransomware attack that paralyzed its operations across multiple regions, including Gangwon-do, Busan, Gyeonggi, Gyeongbuk, and Jeonnam, disrupting smartphone app-based taxi dispatch services. The company identified the ransomware as a new variant through a national recovery center and engaged with the attackers to resolve the incident urgently. Following negotiations, the organization paid the demanded cryptocurrency ransom to restore its compromised backup server and subsequently requested the decryption key from the threat actors to recover affected data.

Description

On July 18, 2022, a South Korean company operating a call taxi service across multiple regions suffered a ransomware attack that paralyzed its operations. The incident disrupted smartphone app-based taxi dispatch systems in most cities and counties within Gangwon Province, with additional service outages reported in parts of Busan, Gyeonggi, Gyeongbuk, and Jeonnam. The attack prevented customers from booking rides through the digital platform, significantly impairing transportation services in affected areas. Company systems became inaccessible following the ransomware infection, though specific technical details about the attack vector or malware deployment method were not disclosed in available reports. The operational disruption demonstrated the attack's broad geographic impact on critical transportation infrastructure.

The targeted company engaged the Korean Ransomware Recovery Center immediately after detecting the infection, where analysts identified the threat as a novel ransomware variant. Facing urgent operational pressures, the organization initiated direct communication with the attackers during the early hours of July 18 to negotiate system restoration. As part of this engagement, the company paid an unspecified amount of cryptocurrency to the threat actors in exchange for a decryptor tool. Payment was specifically conditioned on restoring access to compromised backup servers essential for business continuity. Following the transaction, the company formally requested the decryption key from the attackers to begin data recovery processes. Public statements confirmed the ransom payment but did not disclose whether data restoration was ultimately successful or whether operational systems were fully recovered. The incident highlighted ransomware's disruptive potential against critical transportation services and the operational dilemmas facing organizations when backups are compromised.
