Chinese hackers turn to ransomware
Chinese hackers are launching sophisticated ransomware attacks – in which they hijack machines and demand payment to decrypt them, according to reports.
Four separate security firms have spotted attacks they believe emanated from China in recent months, reveals Reuters.
There is speculation that the “skilled operators” could be state-sponsored hackers.
The Chinese government said it would investigate if there was reliable proof.
Dell SecureWorks investigated two ransomware attacks this year – one at a transportation company and one at a technology firm
In the second case, 30% of the unnamed firm’s machines were captured by the hackers.
Phil Burdette, who heads an incident response team at Dell said: “It is obviously a group of skilled operators that have some amount of experience conducting intrusions.”
Security firms Attack Research, InGuardians and G-C Partners said they had investigated three other similar attacks since December.
A Chinese Foreign Ministry spokesman told Reuters that it would not act on “rumours and speculation” but the ministry itself said that if there was reliable proof, it would treat the matter seriously.
The Chinese government pledged to oppose economic espionage in an agreement with the US last year, with some US firms since reporting a drop in the amount of hacking sourced from China.
It also wants deeper internet security co-operation with the US as hacking continues to be a sore spot in US-China relations.
If the government has reduced its support for economic espionage, that may mean hackers are looking for other means of supplementing their incomes, reports Reuters.
Recently security firms warned about a huge surge in junk mail messages containing ransomware, which was blamed on new malware hitting the market which can avoid being spotted by anti-virus software.
Ransomware has been around for years but better encryption techniques mean it is often impossible for victims to regain access to their files without co-operation from the hackers.
Many ransomware payments are made in the virtual currency Bitcoin, and few firms are open about such attacks.
Source | BBC