Incident Response, Malware, TDR

In first, ransomware customizes language for Far East countries

Ransomware, typically used to target English-speaking victims, is moving to Asian countries.

A newly discovered variant, Crypt0l0cker, has been customized for at least two East Asian countries, according to Symantec. This variant changes its rahsom message's default language depending on the IP address of a victim's computer.

The message will appear in English if no default language is selected. The ransomware is coded to communicate in Japanese, Hangul, and Korean, although the Japanese and Korean messages appear to be written by non-native speakers or an online translation service.

This campaign asks for 1.8 bitcoins or roughly $400 as ransom to release a victim's files and the majority of attacks target Korea, followed by Malaysia and then Japan.

Symantec said this could be the first ransomware to customize languages in the Far East.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.