We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.


Out-of-Work Chinese Government Hackers May Be Behind Sophisticated Ransomware Attacks

The downside of Obama’s effort to rein in Chinese industrial espionage could be advanced ransomware attacks on U.S. companies.

Malicious software that holds data hostage using encryption has already proved devastatingly effective and very lucrative for criminals. Now some of the Internet’s most sophisticated criminals are getting in on the act, targeting corporations as a quick path to profit.

Reuters reports that four leading security firms have seen ransomware used against U.S. companies by people who appear to be associated with hacking groups that work at the behest of China’s government. Such groups usually target corporate secrets in sophisticated operations that experts say are state-sponsored economic espionage.

Victims of this new high-end ransomware include transportation and technology companies, according to Reuters. Their report doesn’t say how big a ransom the attackers asked for, but groups with enough skill might be able to hold very valuable data hostage and demand large payouts.

By contrast, ransomware is usually spread as widely as possible by criminals who demand modest sums for the safe return of data, typically around $500, because they want to collect from individuals as well as companies.

Why hackers who usually work for a superpower might start using a small-time criminal tactic is unclear. One reason is that deploying ransomware might be an easy way to extract some extra money once a conventional espionage job is over.

A more intriguing possibility is that these might be lean times for China’s industrial espionage hackers. Late last year President Obama and his Chinese counterpart Xi Jinping agreed not to support theft of intellectual property, and to assist each other in investigating cases that did occur. The deal was seen as a breakthrough after years of U.S. complaints about computer incursions from China.

The Cryptolocker ransomware message is not a welcome sight.

That agreement may have caused China to cut back on its sponsorship of hackers, driving them to find alternative forms of income, the security companies reporting the new malware campaigns told Reuters. If that theory is correct, companies might expect to see less of their data headed to China, but more of it locked up by malware with a ransom note attached.

Either way, we can expect ransomware to become more common. The FBI’s Internet Crime Complaint Center said on March 10 that it was notified of 2,453 ransomware infections by victims in 2015, who collectively paid $24.1 million to get their data back. The true figure for the U.S. is likely to be much higher, and the FBI expects the problem to grow.

(Read more: Reuters, Wall Street Journal, “Holding Data Hostage: The Perfect Internet Crime?” “Waiting for a Drop in Corporate Hacks After U.S.-China Deal,” “Hospital Forced Back to Pre-Computer Era Shows the Power of Ransomware”)

Keep up with the latest in China at EmTech Digital.
Don't be left behind.

March 25-26, 2019
San Francisco, CA

Register now
The Cryptolocker ransomware message is not a welcome sight.
More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe to Insider Basic.
  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    Print Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.