February 24, 2017
It is impossible to deny the success criminals have had with ransomware attacks over the past few years. One thing that keeps baffling security researchers is finding out where these attacks come from. The growth of ransomware attacks in Pakistan seems to be fueled by Indian cybercriminals. A rather intriguing development, to say the least.
INDIAN CRIMINALS DON’T LIKE PAKISTAN
According to a study conducted by cyber security firm Tier3, Indian hackers are responsible for the majority of ransomware attacks plaguing Pakistan as of late. While these criminals are not targeting Pakistan specifically, the country seems to be their primary target for some unknown reason. Indian cybercrime gangs have been distributing ransomware on a global scale and will continue to do so for the foreseeable future.
Kaspersky Labs discovered a total of 60 different crypto-ransomware families over the past 12 months. This indicates five new types of this potent malware has been developed every single month, which is a very troublesome development. Close to 80% of these new ransomware families all come from the same source, which are Indian crime gangs in this case.
The source of these new types of malware was discovered by looking at the individual command and control servers used by the criminals. As it turns out, there are quite a few specific patterns to be identified in this regard. Security researchers also uncovered certain types of ransomware are created by highly-educated and skilled code developers. The way these types of malicious code are written strongly suggest Indian developers are responsible for this distribution.
It is believed some of these crime groups make tens of thousands of Rupees per day from extorting their victims. It would appear criminals are not afraid to get caught while distributing ransomware, which is rather worrisome. Due to their carelessness, researchers were able to follow a trail of digital breadcrumbs, eventually leading back to Indian IP addresses. Relying on bitcoin payments does not provide these criminals with additional anonymity by any means.
The ransomware ecosystem has evolved quite a bit over the past few years. Developers who write code often do not participate in distribution campaigns, as they prefer to make money from selling the code itself. The ones responsible for distributing malicious software to victims usually do so through a system resembling an affiliate program. Every time the crime gang collects a payment from a victim, a portion of said funds will be sent to the ones responsible for distributing it to that particular target.
For the time being, it seems as if the relationship between India and Pakistan will continue to be an uneasy one. Ransomware attacks are a significant threat to computer security and it is doubtful the number of attacks will relent anytime soon. Moreover, as this “cyber war” intensifies, the rest of the world will be caught in the crosshairs.