Head of ransomware organization that broke into servers of domestic com..


The chat room where the members reported the file and negotiation amount stolen by Mr. A. [Gyeonggi Southern Police Agency]

The head of an organization that carried out ransomware attacks by breaking into servers of domestic companies holding large amounts of personal information, including hospitals and apartment management offices, has been arrested in Kazakhstan. This is the first time that police have directly arrested suspects in cooperation with Kazakhstan’s investigative agencies.

The cyber investigation department of the Gyeonggi Southern Police Agency said on the 15th that it arrested a 35-year-old Kazakh man suspected of violating the Information and Communication Network Act (spreading malicious programs) and attempted blackmail in July last year.

From 2022 to July last year, A served as the head of the ransomware organization and broke into the servers of six domestic companies, including hospitals and apartment management offices, and encrypted internal data.

Mr. A’s organization demanded Bitcoin in exchange for decrypting the encrypted servers, and operated as a cell-based organization targeting servers in various countries besides Korea.

None of the Korean companies that were attacked transferred bitcoin in response to the demands of A’s organization, but it was confirmed that they suffered damage such as their servers being paralyzed for a time.

In particular, Mr. A’s organization exploited the fact that domestic companies leave default IDs and passwords unchanged when installing and operating servers, or set them to simple strings.

They were found to have broken into each company’s server by trying frequently used account credentials at random, seized system privileges, and then continued the attack.

The Gyeonggi Southern Office received a related report in September 2022 and launched an investigation, analyzed the affected server, and secured the Kazakh IP address used in the crime. After several rounds of criminal justice cooperation and video conferencing with Kazakhstan, A was identified.

The police launched a joint operation with the National Safety Commission (NSC), a Kazakh investigative agency, and arrested A there on July 1 last year. In addition, on the same day, a search and seizure was carried out at A’s residence in Almaty, Kazakhstan.

At the scene, ransomware attacks on the servers of many domestic companies were being carried out in real time, and the police reportedly stopped them.

A is currently serving time in Kazakhstan after being found guilty of committing crimes against servers in Korea and other countries.

Even after A was arrested, the police continued to communicate with Kazakhstan’s investigative agency to investigate additional crimes, and completed the investigation of A earlier this month.

To prevent further damage, the police plan to share information on ransomware decryption technology secured during the investigation with related organizations such as the Korea Internet & Security Agency (KISA).

A police official said, “The manager’s account information set by default on the server must be changed and the password should be updated regularly,” adding, “It is important to thoroughly take basic security measures such as applying multi-level authentication, controlling access and checking account usage history.”
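The "checking account usage history" step mentioned above can be automated; the following is an added example, not part of the original article or the police findings. The log format, the `DEFAULT_ACCOUNTS` list, the threshold and the function name `review_logins` are assumptions for illustration, and the sample log is constructed.

```python
import re
from collections import defaultdict

# Assumed, illustrative list of account names that ship as defaults.
DEFAULT_ACCOUNTS = {"admin", "administrator", "root", "sa", "guest"}
LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(OK|FAIL)$")

# Constructed sample in a hypothetical log format (documentation IP ranges).
SAMPLE_LOG = """\
2022-09-01T02:14:01Z src=203.0.113.7 user=root result=FAIL
2022-09-01T02:14:02Z src=203.0.113.7 user=administrator result=FAIL
2022-09-01T02:14:03Z src=203.0.113.7 user=sa result=FAIL
2022-09-01T02:14:04Z src=203.0.113.7 user=admin result=FAIL
2022-09-01T02:14:06Z src=203.0.113.7 user=admin result=OK
2022-09-01T08:59:40Z src=198.51.100.20 user=kim result=FAIL
2022-09-01T08:59:55Z src=198.51.100.20 user=kim result=OK
2022-09-01T09:30:00Z src=192.0.2.44 user=guest result=FAIL
2022-09-01T09:30:01Z src=192.0.2.44 user=root result=FAIL
2022-09-01T09:30:02Z src=192.0.2.44 user=admin result=FAIL
"""

def review_logins(log_text, threshold=3):
    """Flag sources with >= threshold failed logins, noting any success that followed."""
    failed = defaultdict(list)          # src -> usernames that failed since last success
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                    # skip lines that are not in the expected format
        ts, src, user, result = m.groups()
        user = user.lower()
        if result == "FAIL":
            failed[src].append(user)
            continue
        if len(failed[src]) >= threshold:
            # A success right after a burst of failures: credentials were likely guessed.
            findings.append({"src": src, "status": "success-after-guessing", "time": ts,
                             "user": user, "default_account": user in DEFAULT_ACCOUNTS,
                             "failures": len(failed[src]), "tried": sorted(set(failed[src]))})
        failed[src] = []                # reset the window after any successful login
    for src, users in failed.items():
        if len(users) >= threshold:     # still guessing, no success seen yet
            findings.append({"src": src, "status": "guessing-in-progress", "time": None,
                             "user": None, "default_account": None,
                             "failures": len(users), "tried": sorted(set(users))})
    return findings

if __name__ == "__main__":
    print(*review_logins(SAMPLE_LOG), sep="\n")
```

A finding with `default_account` set to true is the case the article describes: an unchanged default administrator account that was guessed and then used.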


