The “WALocker” ransomware group has made a significant debut by targeting a wide range of global victims, including government entities and private companies across multiple continents. Their targets span diverse regions and industries, including: Civil Service Board of Myanmar, Bela-Bela Local Municipality of South Africa, and serveral private companies across the globe.
A key target was Myanmar’s Union Civil Service Board, from which the group leaked the confidential data of approximately 200,000 government officials. The leak includes employees from various departments such as the police, general administration, prisons, immigration, tax, finance and planning, customs, judges, and the Special Branch Detectives, as well as employees from defense production factories. This data is particularly sensitive, containing details such as national identification cards, educational transcripts, confidential government statements, and state secrets. This leak takes on heightened significance within the context of Myanmar’s ongoing political crisis. Following the military junta’s overthrow of the democratically elected government, a “Civil Disobedience Movement” (CDM) has seen hundreds of thousands of public officials walk off their jobs in protest. The leaked list of government officials is believed to represent those who have not joined the CDM and continue to work for the military regime.
In a remarkable turn of events, the WALocker ransomware group’s data leak has inadvertently provided a valuable opportunity for the revolution in Myanmar. The leaked data from the Union Civil Service Board, exposing confidential information on approximately 200,000 non-CDM officials, could be leveraged by the NUG by organizing a team to cleanse the data, then publish it transparently in a presentable format either in a secure web or mobile application that allows the people of Myanmar to identify the officials who are still working for the military junta. This leaked data provides a means to hold non-CDM (Civil Disobedience Movement) government employees accountable, aligning with the NUG’s non-CDM law that focuses on specific offenses committed by these officials. The information could be used to identify and take action against non-CDM staff based on their actions. However, according to individuals who have previously worked in online scam operations, there is significant concern that if the leaked data falls into the hands of “Kyar Pyant” online fraud gangs, it will lead to an increase in fraudulent activities. Yet, there is concern that the NUG may not be fully aware of the data’s potential, leaving this valuable resource underutilized.
Junta employees reportedly believe the leaked files pose a significant threat to the entire administrative system. They are concerned that if the information falls into the hands of revolutionary militias, it could lead to a situation similar to “Assassination Politics,” as theorized by a prominent crypto-anarchist and a cypherpunk Jim Bell, where the military employees could be targeted for assassination or assault. As a result, in a significant response to this and other leaks, the Myanmar military junta later enacted a Military Secrets Protection Law on 28 July 2025, making the unauthorized sharing of classified military information a death penalty. In addition, the data breach is believed to be the result of a ransom payment refusal by either Myanmar’s military junta or its Union Civil Service Board to the WALocker ransomware group. Given that the data breach is due to ransomware, the companies providing IT services to the military junta are reportedly being interrogated in Naypyidaw over the past few days. Currently, there are many companies providing cybersecurity services in Myanmar. Among them, Myanmar Cyber Guard, CyberHub Myanmar, SecuZone Myanmar, and IT Fortress (Yangon-based), Trust Net Solutions, Data Defend Myanmar (Mandalay-based), SafeLayer Technologies (Naypyidaw-based), ByteSecure Myanmar (Taunggyi-based), Factosecure (India-based) and Cyber Shield Asia (Southeast Asia-based, with a Myanmar office) were the most popular ones according to “The Irrawady” media. .
It’s interesting to see that ransomwares are being deployed as a hacking attempt nowadays. Hacking which is called “offensive security” nowadays was a sub-culture back in the old days and had its roots in the cypherpunk movement and was highly influenced by ‘Techno-Revolution Manifesto’ of ‘Doctor Crash’. The principles outlined in the manifesto—digital democracy, privacy, anti-establishment views, and free markets—are in line with the political goals of Myanmar’s revolution. Nonetheless, the Military Secrets Protection Law and its death penalty proves the fact that the WALocker ransomware attack, by leaking the data of 200,000 government officials, has unintentionally or intentionally aided Myanmar’s revolution.
WALocker Ransomware hit the official website of Myanmar’s Union Civil Service Board (http://ucsb.gov.mm/).
Description of the Department
UCSB.gov.mm is the official website of Myanmar’s Union Civil Service Board, providing information and e-services for civil servant recruitment, training, and management.
