Nantong, Jiangsu Province cracked a Bitcoin network extortion case and the creator of the ransomware virus was arrested

The reporter learned from the Nantong Public Security Bureau of Jiangsu Province that the local police successfully cracked a major case of creating and using ransomware to carry out cyber extortion supervised by the Ministry of Public Security during the "Net Clean 2020" special operation, and three criminal suspects including Ju were arrested. As of the time of the incident, Ju, as the creator of multiple Bitcoin ransomware viruses, had successfully committed more than 100 crimes and illegally obtained Bitcoins equivalent to more than 5 million yuan.

In April this year, the cash register system of a large supermarket in Nantong was attacked and the system was paralyzed and could not operate normally. "Through data investigation, we found an English message asking for 1 Bitcoin as the decryption fee." Xu Pingnan, deputy captain of the Third Brigade of the Cyber ​​Security Brigade of the Nantong Public Security Bureau, said that since Bitcoin is traded through overseas websites, it is difficult to track down, and the identity of the initiator of the attack is often a mystery.

During the investigation, the supermarket manager said that the locked server had been unlocked by a data recovery company from another place. "When a ransomware virus invades a file or system, each decryptor is newly generated based on the characteristics of the encrypted computer. It is impossible to decrypt without the virus creator's decryption tool," said Xu Pingnan.

Nantong police followed the clues and successfully locked the suspect Ju. The police found relevant email records, Bitcoin transaction records and the source code of related ransomware tools in his computer. Ju confessed that he developed a website vulnerability scanning software, and after obtaining relevant control permissions, he implanted the ransomware in a targeted manner. In order to avoid cracking and evading the investigation of the public security organs, Ju successively developed and upgraded 4 types of ransomware. In addition to demanding Bitcoin that is difficult to trace as ransom, he used overseas network disks and emails.

The police found out that Ju had implanted extortion viruses into more than 400 websites and computer systems. The victims involved businesses, medical care, finance and other industries. For example, a listed company in Suzhou had its system implanted with a virus, causing it to stop production and work for three days, resulting in huge losses.

During this period, several data recovery companies took the initiative to contact Ju to seek cooperation. In the end, Ju and a data recovery company run by Xie and Tan reached an agreement that Ju would program, the company would find targets to implant viruses, and the ransom would be divided according to the proportion after it was received.

At present, the three suspects involved in the case have been arrested on suspicion of extortion. (Xinhuanet)