Beijing is the favorite whipping boy of the Western powers when it comes to being accused of abusing its citizens, causing harm for the rest of the world through its espionage campaigns and maintaining its own army of blackhat elite hackers. However, the reality is China is as vulnerable a country to typical cyber attacks as any other nation on Earth. The biggest proof of it is that China’s internal government network was infected by Gandcrab ransomware.
Like any typical victim, the virus authors who created Gandcrab demand for a ransom payment from the Chinese government, for the decryption of the affected files. Gandcrab is a generic ransomware, it does not choose its victims, as it spreads at random network as long as it can open holes due to an unpatched portion of the operating system. The Chinese government internal network was specifically infected by GANDCRABV5.2, which was the newest variant of the ransomware at that time. It’s launching pad are usually trojanized office documents and through a phishing email, but it can also stealthily enter an unpatched system as part of an exploit kit or malicious triggers due to visiting hijacked websites.
One way or another, genuine-looking emails from Chinese government correspondents carried the malware’s payload, using an innocently-looking .rar file. The rar file is just pretending to be an archive file, but it actually contains a live copy of GANDCRABV5.2 ransomware once opened in WinRar.
“Starting from March 11, 2019, a hacker organization outside the country launched a ransomware mail attack on relevant government departments in ChinaAfter analysis and analysis, the ransomware version number is GANDCRABV5.2, which is the latest upgraded ransomware version in February 2019. After running, it will encrypt the hard disk data of the user host and let the victim user access the URL to download the Tor browser. The Tor browser logs into the attacker’s digital currency payment window and asks the victim to pay the ransom,” said the Chinese government representative, in their official press release.
The first instance of infection happened on March 11, 2019, detected by the National Network and Information Security Center of China. All government offices under Beijing is expected to issue warnings within their ranks in order to dispose of emails that may contain the trojan horse which launches Gandgrab to a network.
The Chinese authorities issues the following specific precautions are as follows:
- Do not open email attachments of unknown origin
- Install mainstream anti-virus software, upgrade the virus database, and perform comprehensive scanning and killing on related systems
- Disable the automatic operation function of the USB flash drive in Windows;
- Upgrade the operating system security patches in time, upgrade the Web, database and other service programs to prevent the spread of virus exploits;
- Take measures to disconnect the infected host or server to prevent the spread of the virus.
The Chinese government has for at least a decade is slowly moving away from corporate operating systems produced by the West, like Windows and Microsoft Office. They are keen and spending a lot on the continued development of Ubunti Kylin, the Chinese government’s official Linux Distro. Beijing is confident that very soon, they will be less targeted by attacks and fewer chances of falling for espionage due to Ubuntu Kylin, which is open for anyone to download today.