A Kazakh national, identified as "A," was arrested after authorities linked him to a ransomware group that encrypted servers at hospitals and apartment management offices and demanded Bitcoin for decryption. Police coordinated with Kazakh investigative agencies to seize evidence in Almaty and halt ongoing attacks, and they plan to share decryption tools with KISA while urging organizations to remove default credentials and enable multi-factor authentication. #GyeonggiSouthernPoliceAgency #HospitalServers
Keypoints
- A 35-year-old Kazakh man ("A") was arrested for leading a ransomware organization that attacked domestic servers.
- Targets included hospitals and apartment management offices, causing temporary service outages though victims did not pay ransom.
- The attackers gained access by exploiting default or weak administrator IDs and passwords through common credential guessing.
- Gyeonggi Southern Police worked with Kazakhstan's NSC to identify the Kazakh IP, arrest the suspect in Almaty, and stop live attacks.
- Investigators will share decryption techniques with KISA and advise changing default credentials, using MFA, controlling access, and monitoring account usage.
Read More: https://www.mk.co.kr/en/society/12017618