Are Chinese Hackers To Blame For US Ransomware Attacks?

Shutterstock

Four security firms currently investigating the matter say “yes.”

According to the cybersecurity companies, the tactics and tools used to perpetrate the growing rate of the ransomware attacks throughout the U.S. matches the sophistication level of those previously associated with Chinese government-sponsored computer network intrusions.

The security firms have identified more than half a dozen ransomware attacks over the last few months that seem to have similar techniques to those of the state-sponsored attacks used to gain unauthorized access to networks and software management services, Reuters reported Tuesday (March 15).

“It is obviously a group of skilled operators that have some amount of experience conducting intrusions,” Phil Burdette, an incident response team leader at Dell SecureWorks, told Reuters.

Burdette and his team have reportedly called in three separate cases in which hackers spread ransomware and subsequently infected more than 100 additional computers in the network through installations of the malicious software.

When asked to comment on the matter, China’s Foreign Ministry said they are not treating the matter seriously without any reliable proof. The spokesman called the current allegations surrounding the country’s online activities simply “rumors and speculation.”

Ransomware isn’t a new problem by any means, but even more citizens and businesses across the U.S. are finding themselves hit by so-called ransomware — malicious software that holds a user’s computer hostage unless the perpetuator is paid off, generally in bitcoin.

According to forthcoming data from the FBI, 2,453 reported ransomware incidents occurred in 2015. All in, victims paid out about $24.1 million total. That is an apparent pickup from 2014, though the comparisons are imperfect since 2104 saw a change to the current data collection method. The FBI noted that, during the last nine months of 2014, there were 1,838 reported incidents for losses of $23.8 million.

Just last week, Apple was able to announce the containment of the ransomware attack that was impacting its Mac computers.

Macs were attacked with a ransomware called “KeRanger,” which is a software the restricts the user’s access to a computer system and demands that the user pay a ransom before they can use the device again. And, according to John Clay, a representative for the open-source Transmission project, that ransomware was downloaded roughly 6,500 times before Apple and its developer team could stop the threat.

While that may seem like a lot, the number of ransomware attacks impacting Microsoft’s Windows OS topped roughly 8.8 million attacks in 2014, according to cybersecurity firm Symantec Corp. However, this initial impact on Macs could mean more to come.