The Cyber Security News

GwisinLocker Ransomware Targets Linux Systems in South Korea

August 5, 2022

ReversingLabs researchers have discovered a new ransomware family targeting Linux-based systems in South Korea.

Dubbed GwisinLocker, the malware was detected by ReversingLabs on July 19 while it was being used in successful campaigns targeting companies in the industrial and pharmaceutical space.

“In those incidents, it often launched attacks on public holidays and during the early morning hours (Korean time) – looking to take advantage of periods in which staffing and monitoring within target environments were relaxed,” ReversingLabs wrote in an advisory posted on Thursday.

In the report, the company said GwisinLocker is a new malware variant created by a previously little-known threat actor (TA) called “Gwisin” (a Korean term for ‘ghost’ or ‘spirit’).

“In communications with its victims, the Gwisin group claims to have deep knowledge of their network and claims that they exfiltrated data with which to extort the company,” ReversingLabs said.

Also, ransom notes associated with GwisinLocker.Linux contained detailed internal information from the compromised environment, and encrypted files used file extensions customized to use the name of the victim company.

Regarding details of the payment method behind the ransomware, ReversingLabs said GwisinLocker.Linux victims are required to log into a portal operated by the group and set up private communications channels for completing ransom payments.

“As a result, little is known about the payment method used and/or cryptocurrency wallets associated with the group.”

Because of its familiarity with the Korean language as well as with the South Korean government and law enforcement, ReversingLabs said Gwisin may be a North Korean-linked advanced persistent threat (APT) group.

“This threat should be of particular concern to industrial and pharmaceutical companies in South Korea, which account for the bulk of Gwisin’s victims to date,” ReversingLabs explained.

“However, it is reasonable to assume that this threat actor may expand its campaigns to organizations in other sectors, or even outside of South Korea.”

The security researchers concluded the advisory by advising companies concerned about GwisinLocker to review the Indicators of Compromise in the report and make them available to internal or external threat hunting teams.


Some parts of this article are sourced from:
www.infosecurity-journal.com
