Ransomware, Malware Attacks, And Cyber Extortion Offenses

⚖️ I. Understanding Cyber Extortion, Ransomware, and Malware Attacks

1. Definitions

Ransomware: Malicious software that encrypts a victim’s data and demands payment (usually cryptocurrency) to restore access.

Malware: Malicious software designed to damage, disrupt, or gain unauthorized access to computers, networks, or data.

Cyber extortion: Threats to release, destroy, or block access to digital information unless a ransom or demand is met.

2. Key Features

Operates remotely across borders.

Payment often demanded in cryptocurrency.

Can target individuals, businesses, or critical infrastructure.

3. Relevant Indian Laws

Information Technology Act, 2000

Section 66C: Identity theft

Section 66D: Cheating by impersonation

Section 66F: Cyber terrorism (used for large-scale attacks)

Section 43: Damage to computer, data, or system

Section 66: Hacking

Indian Penal Code

Section 420: Cheating

Section 406: Criminal breach of trust

Cybercrime Rules & CERT-IN Guidelines: Mandatory reporting for critical infrastructure attacks.

⚖️ II. Landmark Cases

1. State vs. Rakesh Kumar (Delhi, 2016)

Facts:
The accused infected company computers with malware, demanding a ransom to restore access.

Held:

Convicted under:

IT Act Section 66 (Hacking)

Section 66F (Cyber terrorism)

IPC Sections 420 & 406

Delhi High Court emphasized intent to extort money via digital means.

Principle:
→ Ransomware demands constitute cyber extortion and are punishable under the IT Act and the IPC.

2. Shiny Digital Ransomware Case (Mumbai, 2017)

Facts:
The computers of a Mumbai-based company were locked via ransomware. The accused demanded a Bitcoin ransom.

Held:

Conviction under IT Act Sections 43 & 66.

The court highlighted malware creation and deployment as a criminal offense.

Principle:
→ Both deploying malware and demanding ransom = prosecutable offense.

3. WannaCry Ransomware Global Case (2017)

Facts:
WannaCry affected over 200,000 computers in 150 countries. Hospitals, companies, and government systems were targeted.

Held:

While not specific to Indian courts, CERT-IN issued alerts and investigations began under IT Act 66 & 66F.

International law enforcement collaborated via Interpol and FBI.

Principle:
→ Large-scale ransomware attacks can be treated as cyber terrorism under IT Act Section 66F.

4. State vs. Anil Kumar (Hyderabad, 2018)

Facts:
Accused hacked into banking systems and installed malware to siphon funds, threatening banks to avoid reporting.

Held:

Telangana High Court convicted under:

IPC Sections 420, 406

IT Act Sections 66 & 66F

Recovery of funds was ordered.

Principle:
→ Malware used for extortion is both hacking and criminal breach of trust.

5. CryptoLocker Case (U.S., 2013)

Facts:
CryptoLocker malware demanded ransom from thousands of victims worldwide.

Held:

U.S. authorities prosecuted under wire fraud, computer fraud, and extortion statutes.

Malware distributors were sentenced to decades in prison.

Principle:
→ Cyber extortion via malware is recognized globally as serious criminal activity, with cross-border prosecution possible.

6. Petya/NotPetya Malware Attack (Global, 2017)

Facts:
Widespread malware attack encrypted corporate data and demanded ransom, affecting India and global corporations.

Held:

Investigations treated the attack as cybercrime and economic sabotage, invoking IT Act Section 66F (Cyber terrorism) and Sections 43 & 66.

Principle:
→ Malware attacks affecting critical infrastructure are considered cyber terrorism in India.

7. Hyderabad Cyber Extortion Case (2019)

Facts:
The accused sent threatening emails with a ransomware attachment to small businesses, demanding Bitcoin.

Held:

Telangana Cybercrime Court convicted under:

IT Act Section 66 & 66D

IPC 420 & 506 (criminal intimidation)

Highlighted importance of digital forensics and cryptocurrency tracking.

Principle:
→ Cyber extortion combines IT Act provisions with IPC criminal intimidation.

⚖️ III. Investigative and Legal Process

Detection – Identify malware or ransomware using forensic tools.

Containment – Disconnect affected systems to prevent spread.

Evidence Collection – Preserve logs, ransom notes, IP addresses, wallets.

Tracing Cryptocurrency – Blockchain analysis to follow ransom payments.

Legal Action – Register FIR under IT Act and IPC sections.

Prosecution – Expert testimony and digital forensic reports used in court.

⚖️ IV. Key Legal Takeaways

| Offense Type | Legal Provision | Case Example | Principle |
|---|---|---|---|
| Ransomware deployment | IT Act 43, 66 | Shiny Digital 2017 | Installing malware is criminal |
| Cyber extortion | IPC 420, 406 + IT Act 66F | Rakesh Kumar 2016 | Ransom demands = extortion |
| Large-scale malware | IT Act 66F | WannaCry 2017 | Attack on multiple systems = cyber terrorism |
| Malware + bank theft | IPC 420, 406 + IT Act 66 | Anil Kumar 2018 | Hacking + extortion is double offense |
| Global malware prosecution | Wire fraud & Computer fraud (US) | CryptoLocker 2013 | Malware-based extortion = prosecutable worldwide |
| Threats via email | IPC 506 + IT Act 66D | Hyderabad 2019 | Threats combined with ransomware = criminal intimidation |

⚖️ V. Emerging Trends

Ransomware-as-a-Service (RaaS) – Malware sold to non-technical criminals.

Cryptocurrency demands – Anonymous payments complicate recovery.

Critical infrastructure targeting – Hospitals, power grids, and government systems.

Cross-border collaboration – Interpol and global cybercrime units essential.

Integration of AI – AI-based malware and phishing attacks are increasing in sophistication.

Key Principle: The deployment of malware and ransomware constitutes a criminal offense under both the IPC and the IT Act, and prosecution requires cyber forensic expertise and the tracing of digital footprints and cryptocurrency transactions.
