Showing posts with the label Ransomeware

Cyber Insurance paid to pay Ransomware: Case Study & Case Law

A Canadian insurance company infected by a ransomware virus paid off the cybercriminals using its cyber insurance policy. Its British reinsurers, having had to disburse 109.25 Bitcoins, wanted the money back from the blackmailing cybercriminals. After infection, the unnamed Canadian company suffered a total lockdown of all of its systems and asked its reinsurance firm to pay the ransom so it could get back on its feet. Paying off blackmailers holding a company to ransom is never advisable; many a time it is against the local law. Despite a negotiation that made the criminals bring down their initial demand of $1.2m to $950k, the decryption tool provided had to be run on each and every affected device on the company's network. It took five days to decrypt 20 servers and "10 business days" to unlock 1,000 desktop computers. Neither company was going to pay out and forget the incident. The English reinsurer hired Chainalysis Inc, a "blockchain investigations firm...

Prashant Mali Interview in Business Standard Newspaper

Ransom-payers are also the cause of ransomware proliferation: Prashant Mali. The ransom to retrieve files was reportedly $300, to be paid in virtual currency bitcoins. Nikita Puri, July 1, 2017. Last Updated at 21:20 IST. Operations at a terminal of the country’s largest container port, Jawaharlal Nehru Port Trust in Mumbai, came to a standstill earlier this week. The process of loading and unloading containers was halted as the port’s computers shut down after a major cyber attack that swept across the globe. The aggressiveness of the malware showed that such attacks were capable of bringing both corporate and government networks to a sudden halt. The ransom to retrieve files was reportedly $300, to be paid in virtual currency bitcoins. Cyber law expert Prashant Mali, also an advocate at the Bombay High Court, tells Nikita Puri how to prevent mass-scale civil disruptions that future cyber attacks can result in...

Petya Ransomware Attack: What to Do Immediately

Petya/Petwrap ransomware. What does Petya ransomware do? Ans: Petya does not encrypt files on a targeted system one by one. Instead, Petya reboots victims' computers, encrypts the hard drive's master file table (MFT) and renders the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk. Petya replaces the computer's MBR with its own malicious code that displays the ransom note and leaves computers unable to boot. Why does it spread fast? Ans: Petya ransomware is successful in spreading because it combines both a client-side attack (CVE-2017-0199) and a network-based threat (MS17-010). So patch both first! Affected countries: UK, Ukraine, India, the Netherlands, Spain, Denmark, and others. Behavior: Encrypts the MFT (Master File Table) of NTFS partitions and overwrites the MBR (Master Boot Record) with a custom bootloader that s...

New Age Cyber Crimes: 2016

New Age Cyber Crimes: 2016. New trends in cybercrime are emerging all the time, with estimated costs to the global economy running to billions of dollars. In the past, cybercrime was committed mainly by individuals or small groups. Today, we are seeing highly complex cybercriminal networks bring together individuals from across the globe in real time to commit crimes on an unprecedented scale. Criminal organizations are turning increasingly to the Internet to facilitate their activities and maximize their profit in the shortest time. The crimes themselves are not necessarily new – such as theft, fraud, illegal gambling, sale of fake medicines – but they are evolving in line with the opportunities presented online and therefore becoming more widespread and damaging. Identity theft: Identity theft and fraud is one of the most common types of cybercrime. The term Identity Theft is used when a person purports to be some other person, with a view to crea...