Security News > 2022 > July > North Koreans spotted harassing SMBs with malware
SMBs, beware: Microsoft said this week it has discovered a North Korean crew targeting small businesses with ransomware since September of last year.
After the gang gets its eponymous malware onto a victim's network, it follows the standard ransomware playbook: encrypt files, and demand a Bitcoin payment to restore the data.
What is clear from Microsoft's report is that the group is located in North Korea, and that it's at least in communication with another North Korean cybergang known variously as Andariel, DarkSeoul and PLUTONIUM. That crew is believed to be responsible for prior attacks against the South Korean Ministry of Defense, Sony, and SWIFT banks, as well as being the possible developers of the WannaCry ransomware.
John Edwards, head of Britain's Information Commissioner's Office, and Lindy Cameron, CEO at the National Cyber Security Centre, said in a letter [PDF] to the Law Society and Bar Council "That an increase in ransomware attacks and payments is indicative of mistaken beliefs about British law."
For one, ransomware payments aren't usually illegal, they said, but can be depending on sanctions against countries where attackers are located.
Ransomware slingers have also begun extorting businesses without actually encrypting information - instead just siphoning off data - which could also be contributing to fewer reports without a reduction in attacks.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/16/north_korea_targets_small_business/
Related news
- North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware (source)
- North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Evolving cybercriminal tactics targeting SMBs (source)