[Society] 'Police impersonation' ransomware spread… first arrest after two years of tracking

“Police attendance order”… ‘Ransomware’ e-mail impersonating the police, etc.
In case of ransomware infection, “Send money to recover”
Cooperative investigation with 10 countries… Arrested after 2 years
Police: "Use of virtual currency and dark web… difficult to track"


[Anchor]

A man in his twenties who spread ransomware by pretending to be a public institution such as a police station was arrested.

Tens of thousands of crime traces were captured after more than two years of analysis, and this is the first time a distributor has been arrested in Korea.

This is Shin Joon-myeong.

[Reporter]

This email was sent to an unspecified number of people in early 2019.

It looks like a notice from the police saying that a complaint has been filed and telling the recipient to attend.

However, it is an e-mail impersonating a public institution and carrying ransomware, a malicious program that demands a ransom.

This is the file attached to the mail.

It looks like a regular Word file named Attendance Request, but if you run it, the data is encrypted like this and cannot be used.

On the screen of the infected computer, a message appears stating that the encryption will be unlocked if money is sent.

A 20-year-old spread ransomware by sending a total of 6,400 e-mails pretending to be from public institutions such as the police station or the Constitutional Court from February to June 2019.

Mr. A also went as far as purchasing 95 Internet domain addresses to make the e-mails appear to have been sent by a public institution.

When a victim paid $1,300 in cryptocurrency to the ransomware developer for data restoration, Mr. A profited illegally by receiving a 7% commission through a broker.

At least 120 victims were identified by the police, and the damage amounted to 12 million won.

In order to capture Mr. A, the police conducted joint investigations with 10 countries over the past two years, analyzing 30 million cryptocurrency deposits and withdrawals and 27,000 communication records.

Since Mr. A laundered his IP address through various countries and received the proceeds of the crime in cryptocurrency, tremendous manpower and time were required for tracking.

This is the first arrest of a ransomware distributor in Korea.

The police arrested Mr. A and handed him over to the prosecution, and are also tracking the ransomware developer.

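[Lee Byeong-gil / Head of the Cyber Terror Investigation Team, National Office of Investigation, Korean National Police Agency: We are still continuing the international joint investigation with Interpol, investigating and tracking the developers of ransomware such as GandCrab.]

The police said that paying money does not guarantee data restoration and could encourage more crime, and urged people who receive a suspicious e-mail not to open attachments until their safety has been confirmed.

This is Shin Joon-myeong of YTN.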
