A statement issued on a Chinese provincial government website announced that the national Network and Information Security Center has identified overseas hackers who have been targeting the websites of government departments with emails containing ransomware. The ransomware was delivered through an email with the subject line “You must report to the police at 3:00 pm on March 11!”, which carried version 5.2 of the Gandcrab malware concealed in an attachment named “03-11-19.rar”.
Once the Gandcrab malware runs on a system, it encrypts the victim's hard disk data and prompts the victim to download the Tor browser. The Tor browser is then used to log in to the attacker’s digital currency payment window, where the victim is asked to pay the ransom. The document states that the attacks have been taking place continuously since March 11. The intensity of the attacks is not yet known, though a good number of hard drives belonging to government officials have been infected by the ransomware.
An unidentified government official has indicated that he received a notice warning him of the virus, and he believes that all government departments in China have been issued the warning. The official also stated that he often receives warning notices about potential cyber attacks, but believes that this is the very first instance in which the Chinese state has been targeted by hackers demanding ransom in the form of cryptocurrency. The identity and origin of the hackers sending the ransomware have not yet been confirmed, but the origins are believed to lie in North Korea. One of the emails was sent under the name “Min, Gap Ryong”, a Korean name that suggests the possibility of an affiliation with North Korea.