Kazakhstani ransomware suspect arrested in South Korea’s criminal case

 

A Kazakhstani national in his 30s has been arrested in connection with a series of ransomware attacks targeting corporate servers, South Korean police said.

According to the Cyber Investigation Division of the Gyeonggi Southern Provincial Police Agency, the suspect, identified as ‘Mr. A,’ is facing charges of distributing malicious programs and attempted extortion under the Information and Communications Network Act. Authorities allege he led a ransomware operation that breached corporate servers, encrypted sensitive data, and demanded Bitcoin payments in exchange for restoring the files.

Police believe that from 2022 through July last year, Mr. A either directly carried out the attacks or coordinated them through associates using foreign messaging platforms. Victim companies first reported the incidents in September 2022. Police conducted a forensic analysis of compromised systems and were able to trace a Kazakhstan-based IP address linked to the attacks.

Together with Kazakh authorities, investigators identified the suspect and carried out a raid on Mr. A’s residence in Almaty in July last year.

At the time of the raid, officials said active ransomware attacks on multiple company servers were underway. Authorities blocked the attacks and seized key evidence, including computers and mobile devices.

Police said that the suspect took advantage of weak cybersecurity practices, targeting companies that used default login credentials or easily guessable passwords. Using a brute-force technique, he was able to gain unauthorized access and escalate system privileges before deploying ransomware.

