Security News > 2022 > July > North Koreans spotted harassing SMBs with malware
SMBs, beware: Microsoft said this week it has discovered a North Korean crew targeting small businesses with ransomware since September of last year.
After the gang gets its eponymous malware onto a victim's network, it follows the standard ransomware playbook: encrypt files, and demand a Bitcoin payment to restore the data.
What is clear from Microsoft's report is that the group is located in North Korea, and that it's at least in communication with another North Korean cybergang known variously as Andariel, DarkSeoul and PLUTONIUM. That crew is believed to be responsible for prior attacks against the South Korean Ministry of Defense, Sony, and SWIFT banks, as well as being the possible developers of the WannaCry ransomware.
John Edwards, head of Britain's Information Commissioner's Office, and Lindy Cameron, CEO at the National Cyber Security Centre, said in a letter [PDF] to the Law Society and Bar Council "That an increase in ransomware attacks and payments is indicative of mistaken beliefs about British law."
For one, ransomware payments aren't usually illegal, they said, but can be depending on sanctions against countries where attackers are located.
Ransomware slingers have also begun extorting businesses without actually encrypting information - instead just siphoning off data - which could also be contributing to fewer reports without a reduction in attacks.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/16/north_korea_targets_small_business/
Related news
- It Costs How Much?!? The Financial Pitfalls of Cyberattacks on SMBs (source)
- Why SMBs are facing significant security, business risks (source)
- North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (source)
- North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign (source)
- 78% of SMBs fear cyberattacks could shut down their business (source)