Chinese Government Officials Targeted With Ransomware, North Korea Suspected

A statement issued by the People’s Government of Yiling District, Yichang has revealed that Chinese officials have been the target of a ransomware email attack in recent days.


Chinese Government Officials Face Ransomware Attack

A statement issued by a Chinese provincial government website has announced that the National Network and Information Security Information Center has identified overseas hackers targeting the websites of government departments with emails containing ransomware.

The ransomware was delivered via an email containing the subject line: “You must report to the police at 3:00 pm on March 11!” The emails contain version 5.2 of the Gandcrab malware, which is concealed in an attachment named “03-11-19.rar.”

After running, Gandcrab encrypts the hard disk data of the victim, prompting them to download the Tor browser. The Tor browser then “logs into the attacker’s digital currency payment window and asks the victim to pay the ransom.”

The document states that the attacks have been taking place since March 11. The scale of the attack is not currently known; however, a number of hard drives belonging to government officials have been infected.

Hackers Suspected to Have North Korean Affiliation

An anonymous government official has reportedly indicated that he received a notice warning him of the virus, adding that he believes all government departments in China have been issued the warning.

The official stated that he often receives warning notices pertaining to potential cyber attacks, but believes this is the first instance in which the Chinese state has been targeted by hackers demanding ransom in the form of cryptocurrency.

Although the identity and origin of the hackers have yet to be confirmed, one of the malicious emails was sent under the name “Min, Gap Ryong,” a Korean name that suggests possible affiliation with North Korea.
