The European law enforcement agency Europol is warning that nation-states are increasingly behind ransomware attacks, such as the 2017 WannaCry campaign.
Europol warned in its Internet Organised Crime Threat Assessment 2018 report that, although there are fewer ransomware attacks this year than last, ransomware remains a grave threat to organizations.
“Even though the growth of ransomware is beginning to slow, ransomware is still overtaking banking Trojans in financially-motivated malware attacks, a trend anticipated to continue over the following years,” Europol said.
The most common ransomware families are Cerber, Cryptolocker, Crysis, Curve-Tor-Bitcoin Locker (CTBLocker), Dharma, and Locky, the report related.
“In a few short years, ransomware has become a staple attack tool for cybercriminals, rapidly accommodating aspects common to other successful malware such as affiliate programmes and as-a-service business models, becoming more available and accessible to all echelons of cybercriminal. As such, it also demonstrates the active abuse of encryption by criminals,” the report observed.
Earlier this month, the FBI charged Park Jin Hyok, a North Korean man with alleged ties to the government, in connection with the WannaCry ransomware, Sony Pictures, and Bangladesh Bank attacks.
The FBI alleged that Park was a member of the government-sponsored hacking team known as the Lazarus Group and worked for a North Korean government front company, Chosun Expo Joint Venture (aka Korea Expo Joint Venture), to support the government’s cyberattack program.
Park is charged with one count of conspiracy to commit computer fraud and abuse, which carries a maximum sentence of five years in prison, and one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison.
“We stand with our partners to name the North Korean government as the force behind this destructive global cyber campaign. This group’s actions are particularly egregious as they targeted public and private industries worldwide – stealing millions of dollars, threatening to suppress free speech, and crippling hospital systems. We’ll continue to identify and illuminate those responsible for malicious cyberattacks and intrusions, no matter who or where they are,” said FBI Director Christopher Wray.
Park and his co-conspirators were linked to the WannaCry attacks, intrusions, and other malicious cyber activities through an FBI-led investigation that identified and traced email and social media accounts that connected to each other and were used to send spear-phishing messages; aliases and malware “collector accounts” used to store stolen credentials; common malware code libraries; proxy services used to mask locations; and North Korean, Chinese, and other IP addresses.
“The Complaint alleges that the North Korean government, through a state-sponsored group, robbed a central bank and citizens of other nations, retaliated against free speech in order to chill it half a world away, and created disruptive malware that indiscriminately affected victims in more than 150 other countries, causing hundreds of millions, if not billions, of dollars’ worth of damage,” added Assistant Attorney General for National Security John C. Demers.
In addition, the US Treasury Department designated Park and Chosun Expo Joint Venture for financial sanctions. As a result, “any property or interests in property of the designated persons in the possession or control of U.S. persons or within the United States must be blocked, and U.S. persons generally are prohibited from dealing with the designated persons.”
The agency’s Office of Foreign Assets Control is alleging Park “engaged in significant activities undermining cybersecurity through the use of computer networks or systems against targets outside of North Korea on behalf of the Government of North Korea or the Workers’ Party of Korea.”
OFAC is sanctioning Chosun “for being an agency, instrumentality, or controlled entity of the Government of North Korea.”
“We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions,” said Treasury Secretary Steven Mnuchin. “The United States is committed to holding the regime accountable for its cyber-attacks and other crimes and destabilizing activities.”