After a disruptive ransomware attack that paralyzed its core IT systems, SGI Seoul Guarantee has successfully restored its services, resuming full guarantee issuance on July 17, 2025, at 10 a.m., four days after the initial breach on July 14.
The South Korean financial institution, known for providing essential financial guarantees such as Jeonse loan guarantees, housing mortgage guarantees (MCI), and mobile phone installment payment guarantees, faced a significant challenge when its systems were compromised by the 'Gunra' ransomware group. This attack forced a temporary halt on guarantee issuance, causing inconvenience to customers and financial partners alike.
SGI Seoul Guarantee promptly announced the restoration of its IT infrastructure, enabling the resumption of all guarantee services through multiple channels. Customers can now access guarantee issuance via physical branches, local offices, the company’s website, and mobile platforms, accommodating both face-to-face and non-face-to-face interactions.
Recognizing the surge in guarantee application demand following the outage, SGI Seoul Guarantee has mobilized all personnel to prioritize the processing of guarantee issuance. This concerted effort aims to mitigate customer inconvenience and address the backlog accumulated during the system downtime.
Moreover, the company is taking meticulous steps to ensure no customer suffers from missed guarantee issuances. For guarantees handled through ex-post supplementary methods during the outage period—including Jeonse loan guarantees, MCI guarantees, and mobile phone installment payment guarantees—SGI Seoul Guarantee is collaborating closely with lending institutions and telecommunications companies. This thorough cross-checking aims to identify and rectify any omissions, safeguarding customers from potential financial harm.
To further assist affected customers, SGI Seoul Guarantee established a 'damage report center' on July 16, inviting individuals and businesses impacted by the outage to report their cases. The company has pledged full compensation where damages are confirmed and is actively compiling reports to develop additional response strategies.
In parallel with recovery efforts, investigations into the breach continue. The Financial Supervisory Service’s IT Audit Bureau and the Financial Security Institute have dispatched personnel to assess the incident, while police investigations commenced on July 15, focusing on log records and other relevant data to trace the attack's origin and method. Although the attack has been attributed to an external ransomware group, the precise entry point and infiltration mechanisms remain under examination.
SGI Seoul Guarantee has committed to maintaining robust IT monitoring and fostering ongoing cooperation with relevant agencies to ensure the system's stable operation moving forward. Transparency is a key element of the company’s response; it has pledged to disclose investigation progress and any additional measures publicly, alongside continuing customer support and compensation processes through the damage report center.
The ransomware incident not only disrupted SGI Seoul Guarantee’s operations but also had ripple effects across the banking sector. Since the institution’s guarantees underpin many housing loans, including Jeonse and mortgage loans, their temporary suspension caused delays in loan approvals and disbursements. With the restoration of SGI Seoul Guarantee’s systems, banks have resumed selling new Jeonse and monthly rent loans secured by these guarantees, alleviating a critical bottleneck in the housing finance market.
Despite the successful recovery, regulatory scrutiny looms. According to South Korea’s electronic financial supervisory regulations, core business operations should ideally be restored within three hours following an electronic financial incident, with insurance companies granted a 24-hour window under the Insurance Business Act. SGI Seoul Guarantee’s four-day restoration exceeds these benchmarks, suggesting potential penalties. However, experts anticipate that, following the Financial Supervisory Service’s audit, the company may avoid severe sanctions such as business suspension or fines ranging from 10 million to 50 million won, provided it continues to cooperate fully and implements recommended safeguards.
SGI Seoul Guarantee’s experience underscores the growing threat ransomware poses to financial institutions and the critical importance of cybersecurity resilience. As the company navigates recovery and investigation, it faces the dual challenge of restoring customer trust and reinforcing defenses against future attacks.
In the meantime, customers can rest assured that guarantee issuance services are back online, supported by dedicated efforts to prevent further disruption and compensate those affected. SGI Seoul Guarantee’s transparent communication and cooperation with authorities offer a hopeful path forward amid the complexities of modern cyber threats.
![[SGI서울보증 랜섬웨어] SGI서울보증, 해킹 사흘 만에 운영 재개](https://thumbor.evrimagaci.org/BWXad54gnNiXXxf_rsh18sDa2QY=/200x0/tpg%2Fsources%2F2e9405eb-cdd6-42cb-a995-1654bdb3a401.jpeg)
