Reports indicate that most of the ransomware attacks suffered in the United States have probably come from Chinese trained professionals.
Ransomware, a very popular type of malware used by most hackers nowadays, is a cyber-attack in which hackers infiltrate a device, encrypt files that the user or owner might need urgently, and then demand money to give them back, since the attackers are now the ones who control the files. The money is usually demanded in Bitcoin because of its secretive nature.
It is believed that the attacks, which have been associated with Chinese government-supported computer network attacks, originate from hackers who previously worked for the Chinese government and are now supplementing their incomes. This is because the tactics used are more complicated than those of regular ransomware attacks.
Four security companies investigated these attacks, and all of them speculate that only highly trained professionals would be behind them. The attacks have had a huge impact on many American companies, but none agreed to be identified.
Phil Burdette, the head at security firm Dell SecureWorks, said his company had been called to investigate three cases over three months that all seemed to be the same, and it identified that the hackers had exploited known vulnerabilities in application servers. The fact that these hackers were targeting not only individuals but also big corporations indicates that they are professional hackers using tactics and knowledge gained from training. Burdette's company investigated affected organizations including a transportation company and a technology firm which apparently had 30% of its machines. The hackers had managed to install ransomware on 100 computers in each of the companies.
Other security firms that investigated similar ransomware attacks include Attack Research, InGuardians and G-C Partners, which have all examined three similar ransomware cases since December last year. Their conclusion was that the attacks probably originated in China, from a group predominantly known for attacking United States companies.
China, however, has denied these allegations and denies being involved, either directly or indirectly, in the ransomware attacks. It did say it would be open to investigating the matter if there were reliable proof and the comments were made seriously.
The security firms are 100 percent certain that these ransomware attacks were carried out by Chinese hackers, probably because of the nature of the attacks. Their other explanation, that the attackers may be Chinese hackers who were laid off and are looking for other revenue streams, is nothing more than speculation. The Chinese government and the US signed an anti-hacking agreement last year.