Allegations
that China is in the crosshairs of North Korean hackers have arisen after the
discovery of ransomware-laden emails hitting the inboxes of government
departments. The emails contain version 5.2 of the GandCrab ransomware concealed
as an archive named “03-11-19.rar.”

China’s
National Network and Information Security Information Center has informed the
country’s provincial government that hackers are targeting the websites of
government departments with emails containing ransomware. Going by a sender
name in one of the emails (Min, Gap Ryong), Chinese officials reportedly speculate that the
operators are of North Korean origin.

According
to the statement, the attacks have
been ongoing since March 11. Victims report being directed to download the Tor
browser, which then logs into the attacker’s digital currency payment window.
The ransom sum is not disclosed in the statement.

Chinese
officials have yet to reveal the scope of the attack or assess the damage. What
the notice does say, however, is that all units are required to conduct risk
warnings, investigate, and report any future attacks. Other instructions are
provided as well, such as: install antivirus software; disable automatic
functions for USB ports; upgrade OS and install security updates; disconnect
infected hosts or servers to prevent the spread of the malware.

GandCrab 5.2 is the latest version of the infamous ransomware family. No decryptors are currently available for this version of GandCrab.