Korean hackers suspected of developing JigSaw Ransomware variant

By 임장원 Posted: July 20, 2017, 08:41 Updated: July 20, 2017, 08:41


A JigSaw ransomware variant, believed to have been produced by South Korean developers, has been discovered, according to a security firm.

The variant is similar in character to most existing JigSaw ransomware except for the display of the clown mask image, according to ESTsecurity Corp., a software developer and security firm based in Seoul. JigSaw not only encrypts files but also deletes them every hour, and each time the infection starts, until the ransom is paid.

The security firm noted that the Korean-language (Hangul) message used in the ransomware variant was written in fluent colloquial Korean, almost as a native speaker would write it, including the appropriate use of exclamations and emoticons. Analysis of the source code suggested it was developed by Korean hackers, as a large amount of Hangul was found in comments and folder paths.

ESTsecurity assessed this variant as a test sample because various bugs were found and files were not actually encrypted at the time of analysis.

The security firm warned of more advanced ransomware attacks targeting South Korea, one of the world's most advanced countries for Internet service, saying Korean hackers who know the psychology and characteristics of domestic users well are thought to have joined the race.

Lim Chang-won = cwlim34@ajunews.com
