Hackers Rake In $6.5 Mn In Ransom Capital Internationally.

"Ransomware on the rise in India. Ransomware is one of the biggest threats the world faces today. According to Cisco, ransomware is now the most lucrative type of malware ever and as much as $6.5 million can be generated per year from a single attack."

India seems to have emerged as a prominent target for hackers. It emerged as a top victim in the SamSam ransomware attack, which was first reported in 2012 and then in 2015 with enormous apprehension.

Internet/Cyber security solution provider Sophos said India ranked sixth among the top victim countries across the world.

SamSam is different from traditional ransomware attacks, which are commonly not targeted. Cyber security experts say the attack method is unexpectedly manual. It is more like a cat burglar than a smash-and-grab attack. “The attacker can employ countermeasures to elude security tools and if sporadic, can delete all trace of itself immediately, to hinder investigation,” according to Internet/Cyber security solutions company Sophos.

Hackers have apparently made a killing launching SamSam ransomware into vulnerable computer systems. In thirty months, they have allegedly collected about $6.5 million to release the information locked in the systems they had taken hostage. The ransom amount was initially pegged at $8,50,000, but with more attacks being reported, the cumulative amount shot up to $6.5 million.

Whereas the majority of the victims (about 74 per cent) were in the United States, the United Kingdom (8 per cent), Belgium (6 per cent), Canada (5 per cent) and Australia (2 per cent) occupied the subsequent positions. India, along with a few other countries, shared the sixth rank with one per cent share in payouts to the hackers.

What’s a ransomware attack?

Hackers cleverly lure unsuspecting computer users into downloading a file that contains malicious software, which can make the target computers their slaves. Once they gain access to the PC, they lock the information, denying the owners access to it. They then demand ransom money to release the data. With little help available, most of the victims pay to regain access to their valuable information.

“Unlike most ransomwares, SamSam is a thorough encryption tool, rendering not only work data files unusable but any program that is not indispensable to the operation of a Windows computer, most of which are not routinely backed up,” Sophos, which released a White Paper on the SamSam attack, said.

“SamSam’s attacking method is distinctive as it is manual and as a consequence, attackers can employ countermeasures (if needed) to elude many security tools,” it said. “If the process of encrypting data is interrupted, the malware is capable of comprehensively erasing all trace of itself instantaneously, hindering any investigation,” it points out.

“Most ransomware is spread in large, noisy and untargeted spam campaigns using simple techniques to infect victims and demand relatively small sums in ransom,” Peter Mackenzie, Global Malware Escalations Manager at Sophos, observed. “What sets SamSam apart is that it’s a targeted attack tailored to cause maximum damage and ransom demands are measured in the tens of thousands of dollars,” he said.

“Our recently conducted The State Of Endpoint Security Survey revealed that 90 per cent of the businesses in India have been either hit or expected to be hit by ransomware,” Mackenzie said.

Traditional endpoint security is no longer enough to protect against today’s evolving ransomware threats. “This is an attack pattern we’re likely to see an increase in India and it is time for Indian businesses and individuals to synchronize their cyber security posture to defend against such attacks,” he said.

Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or permanently block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as Ukash, Bitcoin and other cryptocurrencies are used for the ransoms, making it complicated to trace and prosecute the perpetrators.

Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file, which the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the "WannaCry worm", travelled automatically between computers without user interaction, according to Kevin Khajuria, Cyber Security & Privacy Analyst.