A computer virus called "ransomware" that demands money after making data on a computer unusable has infected the server of the Yamagata Chamber of Commerce and Industry, and some of the information has been leaked to a highly anonymous dark site. I found out.

According to the police, it is the first time in Yamagata Prefecture to recognize the confirmation of infection with "ransomware".

According to the investigators and the Prefectural Chamber of Commerce and Industry, there was a problem that the server of the Prefectural Chamber of Commerce and Industry was turned off in late January and the system went down.



The police, who consulted with the Prefectural Chamber of Commerce and Industry, analyzed that there was a possibility of a cyber attack, and found that the server was infected with a computer virus called "ransomware."



When infected with this virus, the data stored in the computer is encrypted without permission and becomes unusable, and a screen requesting money is displayed in exchange for lifting the restrictions.



This time, an English threatening sentence was displayed and requested to pay with "bitcoin", a virtual currency on the Internet, but the prefectural commerce and industry association did not respond to the request.



However, after that, police discovered that the files of the Prefectural Chamber of Commerce and Industry were leaked on the highly anonymous dark site = Dark Web on the Internet.



When NHK analyzed this file with the help of stakeholders, it contained some information about the employee's address, career, salary information, and the retirement amount of the retired employee.



According to police, it is the first time in Yamagata Prefecture to recognize a confirmed infection with ransomware.



The Prefectural Chamber of Commerce and Industry said, "As far as I confirmed, the leaked information was the same as the information already published, such as the names and titles of officers, and it was judged that it was not personal information. And respond appropriately. "

In case of leakage or other incidents

This time, the leaked information included


▽ information on individual salaries,


▽ salaries and retirement amounts of retirees,


and


▽ information on addresses and careers.



According to the National Personal Information Protection Commission, such information is personal data that is handled as a database of personal information, and if a case such as leakage is discovered, the organization will publish the facts and prevent the facts and recurrence. The notice of the committee stipulates that we will endeavor to promptly report the measures to the Personal Information Protection Commission.



In addition, personal data is applicable even if it is a person inside the organization if it contains information about the individual, and information on retirees is also applicable as long as the person is alive.

Group "Doppel Paymer" that seems to have made a cyber attack

This time, it is a group called "Doppel Paymer" that seems to have carried out a cyber attack by a ransomware virus.



According to Takeshi Teshigawara of Macnica Networks, who is familiar with cybersecurity, this group has been active since around April 2019, based in Russian-speaking countries such as Russia and Eastern Europe.



Since around February last year, it is said that it not only encrypts files with ransomware, but also publishes stolen files on the highly anonymous dark site on the Internet = dark web and demands money. That is.



So far, in addition to Mexican oil companies and Korean automobile manufacturers, it seems that a construction company in Tokyo was attacked in Japan in August last year, and the damage is spreading, so the FBI of the United States = federal The Investigation Bureau also issued a warning in December last year.



Cyber ​​attacks that steal confidential information and threaten to expose it without paying are called "exposure type", and multiple groups are attacking in the world, and in November last year, a major game software company "Capcom" was attacked by another group, and the personal information of employees was leaked, causing great damage.



Mr. Teshigawara said, "Because of working from home in Corona, people tend to be distracted by emails, and even if they notice something wrong, it is difficult to consult with them, raising the security awareness of the organization, and what kind of system is used in their organization on a daily basis. It is necessary to take measures such as grasping from the above and taking immediate action when a vulnerability is found. "