Samuel Haig reports:
A statement issued by a Chinese provincial government website has announced that the National Network and Information Security Information Center has identified overseas hackers targeting the websites of government departments with emails containing ransomware.
The ransomware was delivered via an email containing the subject line: “You must report to the police at 3:00 pm on March 11!” The emails contain version 5.2 of the Gandcrab malware, which is concealed in an attachment named “03-11-19.rar.”
After running, Gandcrab encrypts the hard disk data of the victim, prompting them to download the Tor browser. The Tor browser then “logs into the attacker’s digital currency payment window and asks the victim to pay the ransom.”
Read more on Bitcoin.com. The “evidence” included in the statement attributing the attacks to North Korean state actors does not sound particularly strong to me:
Although the identity and origin of the hackers has yet to be confirmed, one of the malicious emails was sent from the name of “Min, Gap Ryong,” a Korean name that suggests possible affiliation with North Korea.
Yeah, no one could possibly use a name to mislead others…