KrCERT and the Korean National Police Agency warn that Midnight, also called Endpoint, ransomware incidents against South Korean small and medium-sized businesses are increasing through malicious email campaigns. The advisory says attackers use lures disguised as official documents, resumes, quotations, infrastructure proposals, and IT service installation notices to trigger infection, steal privileges, intrude on servers, deploy ransomware, and leak sensitive data. Defensive guidance focuses on email hygiene, attachment isolation, file-extension visibility, malicious-mail blocking, mail-account review, reduced external exposure, access controls, multi-factor authentication, strong account management, and separated backups. The excerpt does not provide concrete hashes, C2 domains, or attacker infrastructure, but emphasizes practical controls to reduce ransomware impact and improve recovery readiness.