The Scottish Mail on Sunday

Pictured: Inside the HQ of Chinese cyber ransom gang

It looks like a trendy start-up. But they take over computers – then charge a fortune to unlock them

- By Jake Ryan

WITH a young man in shorts strumming his guitar and desks littered with water bottles and coffee cups, it could be a scene from any trendy tech start-up firm.

But this picture is believed to be the first from inside the lair of a so-called ransomware gang.

The fast-growing crime involves hackers seizing control of an IT system or data and demanding money to release it.

In the photograph – accompanied by a caption in Chinese reading ‘Wow! Little brother playing guitar’ – a second man peers at a screen, possibly orchestrating a fresh crime.

Unearthed by cyber security firm Internet 2.0, the photo is thought to show members of APT41, a Chinese group blamed for more than 100 hacks, including ransomware attacks, up to last year.

The FBI issued a wanted poster last September featuring the faces of five APT41 members wanted for questioning over a string of raids in the US, UK, Australia and Taiwan.

‘We’ve seen a sustained, unrelenting global attack’

The group is also suspected of spying for the Chinese regime, including during the pro-democracy protests in Hong Kong in 2018.

Ransomware profits last year are conservatively estimated at £250 million.

According to research by cryptocurrency experts Chainalysis, the gangs saw profits leap by more than 300 per cent last year.

Apart from the US, Britain is the most targeted country, with schools, charities and even individuals now added to existing targets such as large companies and Government departments.

Since December, more than 100 UK schools have been attacked, while people and organisations with Microsoft Exchange email accounts have also fallen prey to extortion bids.

Even The Woodland Trust, a conservation charity, was targeted in December, causing problems for several months.

Late last year the Scottish Environment Protection Agency (Sepa) fell victim to one of the most devastating hacks seen in Scotland.

More than 4,000 of its files were dumped onto the internet, including sensitive operational material and embarrassing staff emails complaining about the quango’s ‘toxic’ management.

The files were released after Sepa refused to pay a ransom.

It is estimated the attack and the subsequent improvements to cyber security cost around £800,000.

Security experts fear criminals will switch their attention to the health service, as they did in Germany last September when they crippled a large hospital. Ciaran Martin, who was in charge of GCHQ’s National Cyber Security Centre until last August, said: ‘Right through the pandemic, the main worry was that someone would ransomware a hospital.’

Internet 2.0 co-founder David Robinson said: ‘APT41 is into everything. Ransomware has been a big part of their operation and what we’ve seen around the world for the last year is an unrelenting, sustained attack on organisations and individuals.’

The suspected APT41 hipster hackers in the photograph are in China, but other ransomware gangs are based in Russia, several former Soviet states, North Korea, Iran and parts of West Africa.

Thought to be in Russia, the notorious REvil group has targeted Microsoft emails and it is suspected of an attack against the Harris Federation, a group of nearly 50 primary and secondary schools in and around London. The gang last year also received £1.8 million from Travelex, the now bankrupt foreign currency exchange service.

High street retailer Fat Face is understood to have paid a £1.45 million ransom to a gang called Conti which stole data in January.

Conti is thought to be linked to a suspected Russian ransomware cartel called Ryuk.

The Kremlin is accused of turning a blind eye as long as Russian firms and interests are spared.

Security experts say the Government must make it harder for firms to pay up.

‘We’ve got ransomware wrong as a society and criminals have clocked that it’s a lucrative, successful line of business,’ Mr Martin said. ‘Ransomware is increasing because it pays.’

SCENE OF THE CRIME: The office lair of the Chinese ransomware gang APT41, which has been blamed for more than 100 data hacks around the world
