Three banks and a pharmaceutical company in India have been revealed as targets of a ransomware scheme that saw a ransom demand in bitcoin.
In what is now the first known instance of an online extortionist demanding ransom in bitcoins from Indian targets, the Economic Times has revealed that hackers disrupted operations by crippling computers at three banks and a pharma company.
Ransomware schemes are notorious for their scale of operations. A recent report revealed that an estimated $325 million has been plundered by ransomware operators in 2015 alone. Cryptowall was reported to be the intrusive strain malware, affecting hundreds of thousands of victims around the world who reportedly paid the ransom in bitcoin.
Ransomware as a malware works by encrypting files in a target’s computer cryptographically, a feat which requires a decryption key to unlock the files for accessibility. A bitcoin ransom is demanded in exchange for this decryption key.
In the most recent example of a bitcoin extortion case involving ransomware, the attackers targeted the Indian companies by initially compromising the IT administrators’ computers. According to an ET source close to the investigation, the Le Chiffre ransomware, a strain of malware that encrypts targeted files and changes their extensions. The Le Chiffre malware strain encrypts data and servers with 256-bit public key cryptography, with the private key in the possession of the extortionist.
All four targets were infected when an IT administrator opened a faux email containing the malware disguised as correspondence from senior management. Once the email was opened and the IT administrator’s computer was compromised, the malware spread to other computers in the banks’ and company’s network.
A Bitcoin for Each Encrypted Computer
The ransomware affected thousands of computers at the banks and the pharma company, with extortionists demanding a bitcoin each for the every decryption key required to free the encrypted computer again.
Such demands make the extortion scheme worth millions of dollars. While the banks and the company’s names weren’t revealed, the publication confirmed that a bitcoin ransom was paid to decrypt some computers.
Speaking to FT, Mukul Shrivastava, partner at EY for fraud investigation and dispute services said:
In some cases, the companies also paid the extortion money for about 15 computers so that at least he top executives could use their computers.
As India’s economy thrives, experts claims that Indian companies will be targeted by malware-authors more frequently. Furthermore, Indian companies are known to protect their image and interests, even at the expense of ransom demands. Experts cite the example of an alleged incident in May 2015, wherein two Indian conglomerates paid $5 million in ransom, each after malicious hackers breached their systems. The extortionists are believed to be operating from the Middle East and threated to leak the companies’ information to the Indian government if ransom payments weren’t made. In wanting to remain secretive of such attacks to avoid embarrassment, both the companies reportedly paid up.
Bitcoin Ransoms on the Rise
Blackmailers are known to target countries with deadly disease, as in the case of extortionists who sought a million Euros from the Czech Republic or face the threat of an Ebola infection. A small Italian town’s administrators paid a bitcoin ransom after falling prey to ransomware. Several Greek banks were the target of multiple DDoS (distributed denial-of-service) attacks where the cybercriminals sought a bitcoin ransom.
CCN and sister publication Hacked were also the targets of a recent DDoS-based extortion scheme where the extortionist demanded 2 BTC as ransom.
The latest incident certainly isn’t going to be the last known case of bitcoin-seeking extortionists. Law enforcement agencies and cybersecurity firms have taken notice and a recent endeavor to nab cybercriminals demanding bitcoins resulted in arrests of malware authors.
Image from Shutterstock.