The Korea Herald

소아쌤

Ransomware suspects nabbed in intl. probe involving S. Korea

By Yonhap

Published : Oct. 15, 2021 - 14:15

    • Link copied

This undated photo provided by the Korean National Police Agency shows a police raid on ransomware hacking suspects in a foreign country. (Korean National Police Agency) This undated photo provided by the Korean National Police Agency shows a police raid on ransomware hacking suspects in a foreign country. (Korean National Police Agency)
Key members of an international criminal organization suspected of carrying out massive ransomware attacks on South Korean companies and universities in 2019 have been arrested in a joint investigation by South Korea and a few other countries, police here said Friday.

The joint investigation, which also involved Ukraine's police, the Federal Bureau of Investigation of the United States and Interpol, busted four members of the unnamed criminal organization, including its money laundering chief, according to the Korean National Police Agency (KNPA).

The four -- three Ukrainians and a foreigner of another nationality -- are accused of distributing the Clop ransomware to four South Korean universities and companies in February 2019, paralyzing some 720 computer systems containing their academic and business data and extorting a total of 65 bitcoins, currently valued at 4.5 billion won ($3.8 million), from them in return for decrypting their computer networks, the KNPA said.

The KNPA said it has booked the four suspects on charges of hacking offenses, blackmail and concealment of crime proceeds, and began the procedures to bring two of them here for whom arrest warrants were issued in the unidentified country.

Clop is a malicious program used to paralyze computer systems by changing their file extensions and then using it as blackmail to demand money.

The suspects allegedly targeted universities, as well as small and midsized manufacturers with relatively weak security levels before infiltrating their internal computer networks, infecting their central management systems with Clop and demanding the payment of cryptocurrency, the police agency said.

Soon after the hacking incidents, the KNPA shared information on the suspects' methods of attacks and infiltrations with 20 countries. It has been confirmed that the virtual assets extorted by the suspects were converted into cash at overseas exchanges.

"Amid the global spread of ransomware-related damage, it is meaningful that a major money laundering offender has been arrested for the first time through international cooperation. The cooperation will be continued until the apprehension of all the suspects who distributed the malicious program," an official at the KNPA said.

According to US data, the amount of ransomware damage worldwide has surged from 380 billion won in 2015 to 23.6 trillion won this year and is expected to exceed 312 trillion won by 2031.

The KNPA said it will present its latest achievement at the "2021 International Symposium on Cybercrime Response," set to kick off Monday. (Yonhap)