
Repairmen suspected of installing ransomware on customers’ PCs. Arrests in South Korea

Graham CLULEY

June 17, 2021


According to a report by Catalin Cimpanu at The Record, authorities in South Korea have filed charges against employees at a computer repair store.

What are the nine charged employees of the unnamed company based in Seoul alleged to have done? Created and installed ransomware onto the computers of their customers, netting more than 360 million won (approximately US $320,000).

The report says that South Korean police claim the extortion scam began last year, after companies contacted the repair firm hoping to receive assistance in dealing with ransomware infections that had encrypted their systems.

The repair firm reportedly initially assisted victims, helping them negotiate and pay ransoms to retrieve data garbled by the attacks. However, according to The Record, “in at least 17 incidents, the employees modified ransom notes to inflate the original ransom demands in order to obtain larger funds from the victimized companies.”

In some cases the ransoms are said to have been increased ten-fold, allowing corrupt technicians to make large profits when victims agreed that a ransom demand should be paid.

That would be bad enough, but it is further claimed that technicians at the repair store installed a remote access backdoor on customers’ computers they helped recover from attacks, and would use it to launch their own ransomware attacks.

Ultimately, according to reports, the rogue staff would plant ransomware onto the computers of any customers – even those who didn’t bring their computers in due to a ransomware problem.

If there’s one thing that I thought ransomware gangs had learnt in recent years it was not to target organisations on your doorstep.

Just look at the amount of ransomware believed to originate from certain parts of Eastern Europe, but which notably goes out of its way to avoid infecting computers if it detects a Cyrillic keyboard is being used.

The theory goes that law enforcement agencies in Russia might be turning a blind eye to ransomware gangs based in the country, just so long as they don’t cause problems for companies close to home.

For instance, according to an analysis by security experts at Cybereason, the DarkSide ransomware deliberately strives to avoid infecting computers it identifies as being based in the following countries:

  • Armenia
  • Azerbaijan
  • Belarus
  • Georgia
  • Kazakhstan
  • Kyrgyzstan
  • Moldova
  • Romania
  • Russia
  • Syria
  • Tajikistan
  • Tatarstan
  • Turkmenistan
  • Ukraine
  • Uzbekistan

If South Korean police really have successfully identified members of an active ransomware gang, it sounds like the suspects may have made the elementary mistake of targeting companies far too close to home.

In the past we’ve described how stores offering repair services have tricked customers into believing their PCs are infected with malware. It’s something else to take a PC to a repair shop for fixing, only to find that you’re dealing with a potentially bigger criminal than the ones who have caused your computer to seize up in the first place.
