Reuters was the first out with a story about criminal Chinese hackers also trying to get into the ransomware racket. They started out with: "Hackers using tactics and tools previously associated with Chinese government-supported computer network intrusions have joined the booming cyber crime industry of ransomware, four security firms that investigated attacks on U.S. companies said.
Ransomware, which involves encrypting a target's computer files and then demanding payment to unlock them, has generally been considered the domain of run-of-the-mill cyber criminals.
But executives of the security firms have seen a level of sophistication in at least a half dozen cases over the last three months akin to those used in state-sponsored attacks, including techniques to gain entry and move around the networks, as well as the software used to manage intrusions.
"It is obviously a group of skilled operators that have some amount of experience conducting intrusions," said Phil Burdette, who heads an incident response team at Dell SecureWorks.
Security firms Attack Research, InGuardians and G-C Partners said they had separately investigated three other similar ransomware attacks since December.
Lu Kang, a spokesman for China's Foreign Ministry, said China does not have time to respond to "rumors and speculation" and that they would investigate allegations if they were made with a "serious attitude."
One theory is that the Chinese government is reducing support for economic espionage, causing government hackers to turn to ransomware for income. It could also just be cybercriminals sharpening their skills and using tools previously only used by governments. More details at The Fiscal Times website.
Concerned about ransomware infections caused by end-users? Get the most informative and complete ransomware hostage rescue manual. This 20-page manual (PDF) is packed with actionable info that you need to prevent infections, and what to do when you are hit with ransomware.