According to The People’s Government of Yiling District, Chinese government has been attacked by ransomware emails in recent days. On the provincial government official website, the National Network and Information Security Information Center has speculated the origin of the ransomware and hackers.

These attacks were found since March 11 and focused on websites of the government department. The cyber attacked using malicious emails, sent under the subject line: “You must report to the police at 3:00 pm on March 11!”. After running, the virus encrypts the hardware data and asks it’s victims to download the Tor browser, and then “logs into the attacker’s digital currency payment window and asks the victim to pay the ransom.”

This malware was known as Gandcab version 5.2, which is zipped as an attachment named “03-11-19.rar.” As the government website confirmed, this is the latest version in February 2019 of infamous ransomware.

An anonymous official revealed that all Chinese government departments got the warning about the potential cyber-attacks, but this is the first time the hackers attacked demanding ransom in the form of cryptocurrency.

Though the hacker identity has not confirmed yet, one of these emails sent by “Min, Gap Ryong,” a Korean name which is a possibility connects to North Korea.