Microsoft accuses North Korea of HolyGhost Ransomware Operation


Microsoft’s security researchers have linked North Korean intelligence to the HolyGhost ransomware operation and described the group as one that is only interested in exploiting the digital infrastructure of small and medium-scale businesses.

Researchers from Microsoft’s Threat Intelligence Centre (MSTIC) have stated that the Holy Ghost ransomware gang, dubbed DEV-0530, started its operations in June this year and uses multiple encryption tactics, along with public key management.

Holy Ghost has so far targeted industries in the manufacturing, finance, and education sectors and follows the usual practice of first stealing the data and then encrypting the entire database until a ransom is paid in BTC or Monero.

Surprisingly, the threat actors are demanding a small ransom in the noted cryptocurrencies and are also willing to negotiate the quoted amount with the victim. This proves that they are not desperate to gain funds and are happy with what is being given.

NOTE: For the past few years, i.e. from 2019, Pyongyang has been engaged in cyber activities such as stealing cryptocurrency from wallets and money from bank accounts, and launching ransomware attacks for ransom and espionage. The FBI has confirmed that the Kim Jong Un led nation is doing so to cater to the needs of Jong’s nuclear ambitions, as the nation is facing strict economic sanctions from the west. And FYI, during the Trump regime, Kim assured Mr. Donald Trump that he would destroy all his nuclear facilities that could be deemed a threat to the west. But in reality, he merely bluffed about destroying his nuclear stockpile, secretly transferring it to a place where the satellite radars of America couldn’t reach.


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
