Hackers target Chinese State targeted Using Ransomware

2019, Breaches, March

Who: Chinese State

When: 11 March 2019

# of records involved:

What happened: The National Network and Information Security Information Center has identified overseas hackers targeting the websites of government departments with emails containing ransomware.

How did it happen: The ransomware was delivered via an email containing the subject line: “You must report to the police at 3:00 pm on March 11!” The emails contain version 5.2 of the Gandcrab malware, which is concealed in an attachment named “03-11-19.rar.” After running, Gandcrab encrypts the hard disk data of the victim, prompting them to download the Tor browser. The Tor browser then “logs into the attacker’s digital currency payment window and asks the victim to pay the ransom.”

Outcome: Although the identity and origin of the hackers have​ yet to be confirmed, one of the malicious emails was sent from the name of “Min, Gap Ryong,” a Korean name that suggests possible affiliation with North Korea