Ransomware is a kind of cyber attack that’s growing in popularity. Here’s how it works: hackers infiltrate computers, encrypt files you want to have access to, and demand money from you to get them back via anonymous Bitcoin transactions.
Ransomware attacks are conducted by ordinary individuals with extraordinary computer skills, but recent developments suggest that hackers who may have otherwise worked for the Chinese government are turning to ransomware operations to supplement their fading income.
DON’T MISS: The FBI’s worst nightmare is coming true
According to Reuters, these hackers use tactics and tools that are more sophisticated than usual ransomware attacks, and which have been associated with Chinese government-supported computer network attacks.
Four security firms that investigated such attacks speculate that highly trained professionals might be behind attacks. Some of these hacks have affected a large number of computers belonging to various firms – all U.S. companies affected by ransomware cases refused to be identified.
Dell SecureWorks’s head Phil Burdette said his firm was called to investigate three cases over three months and they found that hackers exploited known vulnerabilities in application servers. That’s a crucial step in spreading ransomware. And the fact that hackers attacked companies rather than individuals suggests these are professional hackers who’re simply using some of the entry access points they may have deployed during spying attacks to install ransomware on machines.
Victims included a transportation company and a technology firm that had 30% of its machines encrypted. Hackers installed ransomware on more than 100 computers in each of the companies investigated by Burdette, meaning they had wide accesses to internal servers.
Other security firms including Attack Research, InGuardians and G-C Partners have investigated three similar ransomware cases since December.
The companies concluded that the attacks are likely a work of a group originating from China that’s known for targeting U.S. companies.
China, meanwhile, has denied any connection to ransomware attacks, saying that if these comments are made with a “serious attitude” and reliable proof, it’ll investigate the matter.
While security companies can be 100% certain that Chinese hackers are responsible for planting such malware, they theorize that some hackers who may have worked for the Chinese government until recently are now without a job, following the China-U.S. anti-hacking agreement from last year. These individuals are looking to other income avenues, and they might be simply taking advantage of portals into U.S. companies to cash in quickly, rather than keep spying on potential targets.