CEO of Recovery Company Colluding with Hacker Group to Distribute Ransomware Indicted and Detained

Funds Transferred to 'North Korean Hacking Organization' Electronic Wallet... Recovery Fees Demanded After Distributing Malware

Individuals associated with a data recovery company who colluded with a hacker group linked to the North Korean hacker organization Lazarus and extorted over 2.6 billion KRW from 730 hacking victims have been brought to trial.


Seoul Central District Prosecutors' Office, Seocho-gu, Seoul. Photo by Jinhyung Kang aymsdream@

The Seoul Central District Prosecutors' Office Information and Technology Crime Investigation Division (Chief Prosecutor Lee Chun) announced on the 20th that it has arrested and indicted Park Mo, the CEO of the data recovery company, and employee Lee Mo on charges of extortion.


From October 2018 to July of last year, they are accused of colluding with the hacker group to infect victims' computers with a malicious program called Magniber ransomware, encrypting all files on the computers to make them unusable, and then collecting money from the victims under the pretext of recovery fees.


Magniber is a malicious program that appeared around 2017; once a computer is infected, its files are encrypted and become unusable. The extensions of the stored files are changed to an unknown combination of letters and other characters.


The prosecution believes that Park and others went beyond simple recovery services and colluded with the hacker group to make money. They planned to give 80% of the amount received from victims to the hacker group and keep the rest for themselves, but in reality, they demanded additional amounts to collect more money. They also exploited the fact that victims searched portal sites for the file extensions of ransomware-infected files, registering these extensions as keywords in search ads and blog ads to lure people.


By tracking the virtual currency transactions, the prosecution also confirmed that part of the funds transferred by the hacker group colluding with them was sent to the electronic wallet of the North Korean hacking organization.


© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
