India is among the top five countries in the world when it comes to attacks using ransomware – malware that forces victims to pay a ransom. (Photo: Liju Joseph/The Quint)

The New Crime of Hacker Blackmailing & How to Save Yourself

The New Crime Of ‘Hacker Blackmail’

  • India is among the top five countries when it comes to ransomware attacks
  • ‘Hacker blackmail’ refers to online extortion by holding your data ‘hostage’
  • 11,674 users in India were targets of ransomware attacks in just 3 months
  • In 2015, $325 million was paid in ransom to hackers globally
  • Cyber crime is expected to cost the global economy $2 trillion by 2019
  • Hackers are now shifting focus to day-to-day devices, cars & medical equipment

How much would you pay to keep your secret a secret? Especially when the secrets in question refer to your data, other crucial information and personal details. In 2015, two Indian business tycoons paid $5 million each to keep such information from going public.

A group of hackers stole their data from their company servers. This included details that could land them in trouble, if exposed. After the 'ransom' was paid, the business barons realised that the hackers had access to their systems for two to three years, and there was no way to ensure that this would not happen again.

This is said to be the first known case of ransom-hacking or hacker blackmailing involving corporate leaders of India. But there are hundreds and thousands of such cases each year that go unreported.

A map showing the distribution of ransomware attacks in India. (Photo: Harsh Sahani/The Quint)

India is among the top five countries in the world when it comes to attacks using ransomware – malware that forces its victims to pay a ransom. Or, to put it simply, when crucial data or information is 'held hostage' to blackmail and extort money from people.

Sitting at remote locations, hackers encrypt your phone or system data and you are unable to access your device or data. It is then that they demand a ‘ransom’, or money to unlock your system or release the data. If you refuse, they can destroy your information forever. Decrypting the data is a complex process and may not happen every time. Ultimately, they force you to pay for your own data.
Rahul Tyagi, Cyber Security Expert, Lucideus
Ransomware attacks grew dramatically this year. (Photo Courtesy: Twitter/@kaspersky)

Between March and May this year, 11,674 users in India were attacked by TeslaCrypt ransomware. Victims were trapped using URLs of online gaming sites. TeslaCrypt is now defunct, but such attacks are a growing concern the world over.

The dark web serves as a market for hackers and cyber criminals. Your credit/debit card details, passwords and online information are sometimes sold and bought for as cheap as two dollars, but hackers can extract much more money by hacking your accounts and blackmailing you.
Trishneet Arora, Ethical Hacker & CEO, TAC Security

The dark web is that part of the World Wide Web which is accessible only using specific tools or authorisation. It is used by cyber criminals and others who want to remain off the authorities’ radar.

Lack of awareness and fragile security systems mean individuals and firms from India are easy targets.

I remember being contacted by the parents of a girl when her intimate pictures and contact details were stolen and the hacker started blackmailing her. The girl was in shock and the parents kept blaming her for everything. We trapped the hacker through the girl’s social media profiles and he ended up revealing his IP address. We finally traced him to Hoshiarpur in Punjab and got him arrested.
Rahul Tyagi, Cyber Security Expert, Lucideus

Victims of ransom attacks are threatened with the release of sensitive information, intimate pictures, controversial data or secret communication, so the crime is rarely reported.

In the digital world, absolute privacy is a myth. The sooner we realise this, the better it is. (Photo: Harsh Sahani/The Quint)

Jignesh Malwani (name changed), the co-owner of an export-import firm in Gujarat, says ransom hacking is almost like one’s child being kidnapped virtually.

Overseas sales enquiries are a part of our business. A few weeks ago we received a similar query with an Excel sheet attachment. We opened the Excel only to realise that suddenly all the documents, files and data stored on our system have been encrypted. We lost everything related to our business in a second. We then received a message on our screen that instructed us to go to a particular server and make a payment in Bitcoins through a given ID. We have disconnected the PC and are seeking expert help to restore the data. I am not sure if the police’s cyber crime cell is capable of helping cyber crime victims.
Ransom-hacking victim, Ahmedabad

The cyber crime redressal mechanism in India leaves a lot to be desired. In 2006, the Ministry of Communication and Information Technology formed the Cyber Appellate Tribunal (CyAT), a specialised forum to redress cyber fraud. With an expenditure of nearly Rs 30 crore in the last five years on salary and daily operations, the tribunal has rarely heard cases or disposed of any complaints!

While check mechanisms are not in place, threats continue to rise.

In 2015, the world lost $325 million in ransom paid to the attackers or hackers by the victims of crime-ware Cryptowall.

The virtual currency Bitcoin is the most popular mode of ransom payment since the transactions are almost impossible to trace. (Photo Courtesy: Twitter/ @Kaspersky)

Global trends suggest that cyber criminals are now shifting their focus from computers and servers to day-to-day devices, cars and even medical equipment. Picture this:

A machine used for remote surgeries is all set. The patient is under anaesthesia and a team of doctors from a remote location is ready to perform the surgery. Just when they are about to start, the machine gets encrypted, doctors lose control over the operating devices and nothing seems to be working. The hackers, who were aware of the exact timing and procedure of the surgery, have hacked into the medical devices and encrypted them. The patient is on the bed, the surgery is crucial and the hackers will not unlock the machines till you pay them a ‘ransom’.

This is only one of the many hypothetical situations that cyber security experts and ethical hackers fear may become a reality soon.

Internet literacy is the easiest way to stay safe from cyber crimes. (Photo Courtesy: Twitter/@Kaspersky)

So what is it that can keep your data safe and prevent ransom-hackers from holding critical businesses and consumer data hostage? 'White hat hacker' Rahul Tyagi suggests:

  • In case of a ransom-hack, disconnect your device so that the hackers cannot further trace your online activities.
  • Do not make payments. There is no surety of your data being released.
  • Consult a cyber security expert, an ethical hacker.
  • Always keep multiple backups of your data.
  • Torrent sites are usually the biggest traps. Videos/films can be infected with the malware, so beware before you download them on your system.
  • Do not ignore the security pop-ups that warn you about unsafe websites & infected URLs.
  • Pornographic websites have pop-ups and one click can download malware on your system.
  • Letting your child visit gaming portals and download pirated/infected games can put your laptop at risk.
  • Check the email addresses and URLs before opening. Fake emailers and spear phishing (an email that appears to be from an individual or business that you know) can be detected through illegitimate or incorrect company names or URLs (for example, http:// instead of https://; www.paypa1.com instead of www.paypal.com).

Internet ignorance is the new illiteracy and in the digital world, awareness is the best safety measure you can adopt. Hackers are waiting for us to make a wrong move and the challenge is to avoid that as far as possible.