U.S. names North Korea as a main culprit in ransomware attacks

Lee Jun-hyuk. Posted 2021. 9. 22. 18:25. Updated 2021. 9. 22. 19:10

The U.S. Treasury on Tuesday issued an updated advisory highlighting the risks associated with ransomware payments, while naming North Korea as one of the main culprits behind such attacks.

The notice follows advisories from the U.S. Treasury issued in 2019 and 2020, which identified malicious cyber activities conducted by the North to collect intelligence, compromise defense systems and generate revenue.

The Tuesday advisory, issued by the Treasury's Office of Foreign Assets Control (OFAC) and directed towards companies that facilitate payments on behalf of victims of ransomware, warned that such businesses could risk violating Treasury sanctions, in addition to encouraging further ransomware attacks.

Ransomware refers to malicious software installed on target computers designed to block access to a computer system or data, often by encrypting data or programs on information technology systems to extort ransom payments from victims in exchange for decrypting the information and restoring access to systems or data.

In some cases, in addition to the attack, cyber actors threaten to publicly disclose sensitive files. The cyber actors then demand a ransomware payment, usually through virtual currency, in exchange for a key to decrypt the files and restore access to systems or data.

The advisory named North Korea as the likely sponsor behind the 2017 WannaCry 2.0 ransomware, which infected approximately 300,000 computers in at least 150 countries. This attack was linked to the Lazarus Group, a cybercriminal organization backed by North Korea. Victims of the WannaCry ransomware attack included Boeing, Honda, FedEx and the National Health Services of both England and Scotland.

While the Treasury's advisory does not carry the force of law, it makes clear that companies that facilitate payments from victims of ransomware to cyber-criminal organizations risk violating U.S. sanctions on the state entities behind the attacks.

"U.S. persons are generally prohibited from engaging in transactions, directly or indirectly, with individuals or entities on OFAC's Specially Designated Nationals and Blocked Persons List, other blocked persons, and those covered by comprehensive country or region embargoes," the advisory said.

The Treasury also said that victims of ransomware attacks are encouraged to cooperate with U.S. investigative authorities, and that timely reporting and voluntary self-disclosure would be a mitigating factor in any response from the authorities.

"In the case of ransomware payments that may have a sanctions nexus, OFAC will consider a company's self-initiated and complete report of a ransomware attack to law enforcement or other relevant U.S. government agencies," the advisory said.

BY MICHAEL LEE [lee.junhyuk@joongang.co.kr]

Copyright © Korea JoongAng Daily. Unauthorized reproduction and redistribution prohibited.
