Engineers who used to work on cyber-security, they're doing hacking, using the horse virus. Drop itEnterpriseThe internet system, demanding digitally encrypted money for ransom..ExtortionIn the case, the four defendants were sentenced to prison terms for extortion and offences against citizens ' personal information。
It's an elaborate plan
At the end of 2023, the head of the technical department of an “old” medical institution in hangzhou received successive calls from various departments, reflecting the irregular log-in of the system. The technicians entered the operating pages and found that the suffix of all system files became ". Uncle". A document in the back-office management system, called readme. HTML, received their attention following a check. It says, "i."Then the technicians found something like “payment method” (payment mode) “wallet address” (wallet address) in the document. A total of 89 servers were verified to be inoperable and the business system, including electronic medical records and wholesale chains, was completely paralysed. With a view to resuming operations such as online registration as soon as possible, the maximum guarantee is that the patient will not be delayed, and the medical facility has not been able to accept the payment of digitally encrypted currency as a “locking off ransom”。
Following this report, the hangzhou police discovered two more businesses that had been extorted by the group. According to statistics, three of the enterprises killed paid each other over $330,000 to purchase digitally encrypted money from third parties in order to resume normal operations。
In a presentation by the police officers of the network of public security substations in the upper city of hangzhou, suspects were able to concentrate on a large number of technical operations in a short period of time and had a strong counter-detection awareness, with multiple “jumpboard” servers with ip addresses covering various locations both within and outside the country. There are indications that this case is presumably committed by well-organized and clearly divided groups. Following up the investigation by technical means, the public security authorities have gradually identified the persons involved. In december 2023, four-person criminal gangs headed by kikuchi were arrested in hao and hot and beijing, respectively。
Group plan to use technology to make quick money
After the arrival of the four individuals, the facts of the crime of extortion using the mumma virus were admitted and the facts of the case gradually surfaced。
It turns out that kiichi, han, li, or some of them were engineers in a technology company in beijing who were responsible for the security of the network, and hao, who was a close friend with kiichi, han, or some of them. As a result of their familiarity with the “doorway” of network security, qi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, and zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, zi, and zi, and zi, zi, zi, zhu, zhu, z, z at first, they focused on the business of selling citizen information: between april and july 2023, a certain person illegally crawled into the system through a server loophole, obtaining more than 60,000 pieces of information including consignees, receiving addresses, telephones, etc., and profiting more than 200,000 yuan from illegal trafficking. However, the price of such data on the “black market” was gradually lower, and they decided to replace the “race track” with a virus for extortion。
In order to improve efficiency, kiyochi and han and others have set up “extortion studios” in rental houses in ho hoot. There is a clear division of labour among the four members: kiichi, han, who prepared and tested the blackmail codes, ho ho, li, who collected and added a loophole “backdoor” to the corporate server, and then entered the website from the “backdoor” to upload the carpenter virus that performed the encrypted task. According to the prosecutor, these individuals, while working on the internet, often focused on common server loopholes published in the technical forum and looked for breakable forts online. “in order to enhance the effectiveness of cyberattacks, they also modify the program code using artificial intelligence aids.” thus, in less than a week, the group continued to commit three crimes, causing damage to the enterprise。
Together, build a cyber-security fence
On 11 september 2024, the people's procuratorates of the upper city district prosecuted one or more of the four individuals in accordance with the law, respectively, for extortion and offences against citizens ' personal information. In march 2025, the case was heard in the upper city people's court. In recent days, four accused have been sentenced in the first instance to prison terms ranging from three to seven years and six months, with a fine. The judgement is now in force。
“unsatisfied to want `quick money', this mentality hurts.” in the face of the judge's questioning, some of the tears of regret were shed. Following the first instance judgement, all four accused indicated that they were subject to the judgement and did not appeal。
According to the hosting prosecutor, the development of artificial intelligence technology has further lowered the threshold of attacks in recent years, leading to an increase in the frequency of hacking and extortion targeting corporate servers, particularly small and medium-sized private enterprises with weak internet capacity, making the detection of cases more difficult. Cybersecurity experts recommended that, in the face of cyber-extortion, in addition to timely and regular evidence alerts after an incident, enterprises regularly provide “cold backup”, i. E., a one-time, seven-day off-line backup of all server data. In the event of extortion attacks, the system could be restored to data within at least seven days, without total paralysis; in addition, a “specialized equipment + security” service model could be used to deploy a set of anti-extortion detection equipment along with a security policy to effectively compensate for losses caused by hacking。
The devil is tall, the way is tall. Although the use of artificial intelligence techniques and virtual currency, among others, has allowed traditional crime to be “fresh-up”, investigative and forensic techniques are constantly being updated and relevant laws and regulations are being improved, creating a stronger cyber-security fence. At the same time, enterprises, especially small and medium-sized enterprises, need to raise awareness of risks and improve security measures, and to secure their rights in a timely manner in the event of online extortion。
Reporter wu, handsome
