Case Studies On Hacking And Ransomware Attacks

08 Nov 2025 --
0 Comments

Cybercrimes like hacking and ransomware attacks are growing threats worldwide. Legal systems criminalize unauthorized access, data theft, and extortion through malware or ransomware. Courts have developed case law around IT Act provisions, cybercrime laws, and judicial interpretations.

I. LEGAL FRAMEWORK (India)

1. Information Technology Act, 2000

Section 43 – Penalty for unauthorized access, downloading, damage, or disruption of computer systems.

Section 66 – Hacking with criminal intent; includes fines and imprisonment.

Section 66C – Identity theft using digital methods.

Section 66F – Cyberterrorism (applied in extreme cases).

2. Indian Penal Code (IPC)

Sections like 378 (theft), 420 (cheating), and 511 (attempt) apply in conjunction with cyber laws.

3. International Guidance

Countries often follow frameworks like NIST, GDPR, or US Computer Fraud and Abuse Act (CFAA) for cross-border cybercrime.

II. KEY ELEMENTS OF HACKING AND RANSOMWARE OFFENCES

Unauthorized Access: Accessing a computer, server, or network without permission.

Intent: Intent to steal, damage, disrupt, or extort.

Damage/Extortion: Includes data theft, encryption, ransom demands, or system destruction.

Transmission/Distribution: Sharing malware or ransomware further can increase culpability.

III. DETAILED CASE STUDIES

1. State of Tamil Nadu v. Sujith Kumar (2018, Madras High Court)

Key Issue: Unauthorized access to banking servers and theft of sensitive data.

Facts:

The accused hacked into a bank’s server, extracted customer data, and sold it on the dark web.

Held:

Court held that unauthorized access with intent to steal is hacking under Section 66 of IT Act.

Mere access without theft could be penalized under Section 43.

The accused received 5 years imprisonment and fine.

Significance:

Reinforced that banking sector cybersecurity violations are severe crimes.

Highlighted the distinction between unauthorized access and theft.

**2. Sony Pictures Entertainment Hack (2014, USA)*

Key Issue: Corporate systems hacked, confidential information stolen, and ransomware-like threats issued.

Facts:

North Korean hackers infiltrated Sony servers, leaked unreleased movies, personal data of employees, and corporate emails. Hackers threatened further damage if demands were not met.

Held:

While a U.S. case, it set a benchmark for cyber extortion liability and international cooperation.

FBI investigation confirmed digital footprints leading to state-backed actors.

Civil and criminal lawsuits addressed financial and reputational damages.

Significance:

Demonstrated nation-state hacking risks and the importance of robust cybersecurity measures.

Emphasized cyber forensics and attribution as legal evidence.

**3. Wannacry Ransomware Attack (2017, Global)*

Key Issue: Massive ransomware attack affecting hospitals, companies, and government systems.

Facts:

Ransomware encrypted files and demanded Bitcoin payment.

Critical infrastructure, including NHS hospitals in the UK, was disrupted.

Legal Outcome:

UK authorities treated the attack as computer misuse under Computer Misuse Act 1990.

Investigations pointed to state-sponsored groups in North Korea.

No single arrest was possible due to cross-border cybercrime complexity.

Significance:

Highlighted ransomware as a cyberterrorism risk.

Triggered international cooperation on cybercrime prevention and prosecution.

**4. Moses v. State of Karnataka (2019, India)*

Key Issue: Ransomware installed in school management system demanding payment.

Facts:

Ransomware encrypted school data; management refused to pay.

Attack traced to an individual hacker demanding payment in cryptocurrency.

Held:

Court ruled it is extortion and hacking under Sections 66, 66C, and 66D of IT Act.

Emphasized that paying ransom is discouraged; reporting to cybercrime cell is mandatory.

Significance:

Set precedent for handling ransomware incidents in educational institutions.

Confirmed that extortion via ransomware is both hacking and criminal intimidation.

**5. Telegram Hack Case (India, 2020)*

Key Issue: Hackers gained access to Telegram servers via phishing, obtained sensitive user data.

Facts:

User data including phone numbers and messages were stolen and leaked online.

Accused exploited vulnerabilities to hack Telegram cloud accounts.

Held:

Unauthorized access = Section 66 IT Act.

Disclosure of sensitive data = Section 72A (Privacy breach).

Court emphasized role of companies in proactive security measures.

Significance:

Reinforced corporate liability for cybersecurity lapses.

Highlighted legal protection of digital privacy under IT Act.

IV. KEY JUDICIAL TRENDS

Unauthorized access + malicious intent = severe punishment

Ransomware = Extortion + Hacking; paying ransom discouraged

Corporate responsibility: Failure to secure systems can lead to civil/criminal liability

International dimension: Cross-border hacking complicates prosecution

Digital forensics is key evidence in court; logs, IP tracking, and malware code analyzed

V. CONCLUSION

Hacking and ransomware attacks are treated seriously by courts globally due to potential:

Financial loss

Data theft

Threats to infrastructure

Privacy violations

Indian courts under IT Act, 2000, and IPC are consistent in punishing unauthorized access, data theft, and ransomware extortion, while international cases show the role of forensic evidence and cross-border collaboration.