Cyber criminals using Ransomware to extort money from hapless companies and individuals
“Ransomware” is a type of malware that gets installed on a computer system through downloads or malicious links and then it proceeds to encrypt all the files and sensitive data. Once the data is encrypted, the victims are asked to cough up a ransom to the malware operators to decrypt it.
The ransom is mostly through Bitcoin- a virtual currency- which is largely being used by Hawala operators.
While initially popular in Russia, Ransomware scams have grown internationally. Surprisingly in 2016, according to Quick Heal, the number of detection of Ransomware samples have reached nearly 450,000 in just 7 weeks.
Neeraj Aarora, a former Delhi Police official and cyber crime expert, told Millennium Post that no law enforcement agency has any structure to protect victims from this menace. “Law enforcement or security agencies have no solution for this category of cyber attacks. Only some preventive measures can be exercised at the user’s end,” he said. Aarora further explained that it is not only a concern for Indian agencies but also for the Federal Bureau of Investigation. The FBI has already cautioned that anyone caught up in such a situation should just ‘pay the ransom’.
Earlier in 2015, the Assistant Special Agent Joseph Bonavolonta who is also in-charge of the FBI’s Cyber and Counter-intelligence Program warned companies that they may not be able to get their data back from cyber criminals who use Cryptolocker, Cryptowall and other malware without paying a ransom. “ Ransomware is that good... To be honest, we often advise people just to pay the ransom,” he said. Bonavolonta was also reported to have said: “the easiest thing may be to just pay the ransom,” and the “overwhelming majority of institutions do just that.”
Explaining the modus- operandi, Aarora said that Ransomware scams were being operated through a software called ‘Tor’ - which makes it difficult for internet activity to be traced back to the user. “Tor is intended to protect the personal privacy of users, as well as their freedom to conduct confidential communication by keeping their internet activities from being monitored,” he said.
At a time when people are getting affected by the Ransomware scam, the Delhi Police have informed that they have not received any complaint related to this. To which Aarora responded by saying that it could be possible that victims are not trusting the police’s capability to help them in crisis. “Agencies are not fully equipped,” he said.
Speaking on the rising threat of Ransomware, cyber lawyer Karnika Seth said: “It doesn’t only impact home computers. IT industry, financial institutions, government agencies, academic institutions, and other organizations can also become targets, resulting in the loss of sensitive data, financial losses incurred to restore systems and files.”