Ransomware And Cyber Extortion Cases
Ransomware and Cyber Extortion Overview
Ransomware is malicious software that encrypts a victim’s files or locks their system, demanding payment (usually cryptocurrency) to restore access.
Cyber extortion involves threatening individuals, businesses, or governments with harm, data leaks, or disruption unless a ransom is paid.
These crimes are punishable under the IT Act 2000 (Sections 66, 66C, 66D, 66F) in India and under various cybercrime laws worldwide.
Detailed Cases
1. WannaCry Ransomware Attack (2017)
Jurisdiction: Global (Impact in India included)
Facts:
The WannaCry ransomware exploited a vulnerability in Microsoft Windows (EternalBlue exploit) and infected computers worldwide, including critical Indian organizations like hospitals. Victims’ files were encrypted, demanding Bitcoin payment.
Legal/Investigative Outcome:
This attack led to heightened cybersecurity protocols.
Though attribution was difficult, it was traced to North Korean cybercriminal groups.
Highlighted the importance of patching systems and ransomware awareness.
Significance:
Demonstrated the potential of ransomware to disrupt critical infrastructure. Indian organizations were advised to follow CERT-In guidelines to prevent similar attacks.
2. Colonial Pipeline Cyber Extortion (2021, USA)
Jurisdiction: United States
Facts:
A ransomware attack targeted the Colonial Pipeline, the largest fuel pipeline in the U.S., encrypting operational data. The attackers demanded ransom in cryptocurrency. The company paid approximately $4.4 million to regain control.
Legal Outcome:
The FBI traced the attack to the DarkSide ransomware group.
Several arrests were made and cryptocurrency was seized in later investigations.
Significance:
A case of ransomware impacting national critical infrastructure and prompting regulatory measures for pipeline cybersecurity.
3. JBS Foods Ransomware Attack (2021)
Jurisdiction: International (Headquartered in Brazil, operations in India included)
Facts:
JBS, the world’s largest meat supplier, suffered a ransomware attack that temporarily shut down operations in multiple countries. Attackers demanded millions in Bitcoin.
Legal Outcome:
JBS paid $11 million to the REvil ransomware group to restore systems.
Governments across the U.S., Canada, and Australia launched cyber investigations.
Significance:
Highlighted supply chain vulnerabilities and global ransomware extortion threats.
4. Travelex Ransomware Attack (2020)
Jurisdiction: UK, impact in India via online services
Facts:
The currency exchange company Travelex suffered a ransomware attack (Sodinokibi/REvil), taking down online operations and ATMs. Attackers demanded a ransom of $6 million.
Legal Outcome:
Systems were offline for weeks; Travelex eventually paid part of the ransom.
The case prompted regulators to issue warnings about cyber resilience in financial services.
Significance:
Showed the economic impact of cyber extortion on financial institutions and retail clients.
5. University of California San Francisco (UCSF) Ransomware Attack (2020)
Jurisdiction: USA
Facts:
UCSF, a leading medical and research institution, was attacked by Netwalker ransomware. Critical research data, including COVID-19 studies, was encrypted. Attackers demanded $1.14 million.
Legal Outcome:
UCSF paid the ransom to recover critical research data.
The FBI investigated the ransomware group responsible.
Significance:
Highlighted that educational and healthcare institutions are prime ransomware targets.
6. Indian Banking Sector Ransomware Attempts
Jurisdiction: India
Facts:
Multiple banks reported phishing-linked ransomware attacks where malware encrypted client data and demanded cryptocurrency ransom. Banks refused to pay, relying on internal backups.
Legal Outcome:
FIRs were registered under IT Act Sections 66 and 66F.
CERT-In provided guidelines to block malware and secure banking networks.
Significance:
Demonstrated the growing threat of ransomware in India and the need for proactive cybersecurity measures.
Key Legal Principles Emerging from Ransomware Cases
Cybercrime Investigations:
Ransomware and extortion cases require digital forensics, blockchain tracing, and international cooperation due to cross-border attacks.
Prosecution under IT Act:
Section 66: Hacking with computer system
Section 66C: Identity theft
Section 66D: Cheating using computer
Section 66F: Cyber terrorism (if critical infrastructure is targeted)
Evidence Collection:
Encryption, cryptocurrency transactions, and logs are critical evidence.