Ransomware Attacks, Malware Infections, And Digital Extortion

⚖️ I. Understanding Ransomware, Malware, and Digital Extortion

1. Definitions

Ransomware: Malicious software that encrypts a victim’s data or locks systems, demanding a ransom for release.

Malware: Any software intentionally designed to cause harm to computers, networks, or users (includes viruses, worms, trojans, spyware).

Digital Extortion: Using malware, ransomware, or cyber threats to coerce victims into paying money or performing actions under threat of harm.

2. Key Features

Exploits vulnerabilities in systems, networks, or devices.

Can target individuals, corporations, critical infrastructure, or government systems.

Methods include phishing emails, malicious links, trojans, and social engineering.

3. Relevant Indian Laws

Information Technology Act, 2000

Section 66: Computer-related offenses

Section 66C: Identity theft

Section 66F: Cyberterrorism

Indian Penal Code (IPC)

Section 384: Extortion

Section 403 & 406: Criminal breach of trust

Section 420: Cheating

RBI Guidelines for financial institutions regarding digital fraud.

PMLA, 2002 (if ransomware extorts illegal funds linked to crime).

⚖️ II. Landmark Cases

1. WannaCry Ransomware Attack (Global, 2017)

Facts:
WannaCry ransomware infected over 200,000 computers in 150 countries, including hospitals, corporations, and government agencies. It demanded Bitcoin ransom to unlock files.

Legal Actions:

While no specific prosecution reached finality internationally, agencies traced ransomware to North Korea-linked groups (Lazarus Group).

Focus on cybercrime law enforcement and cross-border investigation.

Principle:
→ Large-scale ransomware attacks targeting critical infrastructure are treated as cyberterrorism and digital extortion.

2. Petya/NotPetya Malware Attack (Global, 2017)

Facts:
Petya malware encrypted files and affected multinational corporations, causing billions in damage.

Held:

Classified as malware causing intentional disruption of computer systems.

Led to civil and criminal investigations under IT Act equivalents in affected countries.

Principle:
→ Malware infections causing economic loss constitute a cybercrime and justify criminal investigation, even without ransom payment.

3. Andhra Pradesh Government Ransomware Attack (India, 2019)

Facts:
State government computers infected by ransomware, freezing files and demanding cryptocurrency ransom.

Held:

Police and CERT-IN initiated digital forensics investigation.

Offense categorized under IT Act Section 66 (hacking, data damage) and IPC 384 (extortion).

Principle:
→ Ransomware on government systems = criminal offense under IT Act and extortion laws.

4. Cosmos Bank ATM Malware Attack (India, 2018)

Facts:
Hackers used malware to transfer ₹94 crore from ATMs and the bank’s systems, mainly using compromised debit card credentials.

Held:

FIR filed under IPC Sections 420, 403, 406 and IT Act Sections 66C, 66D.

Investigation revealed malware installation and ATM network compromise.

Principle:
→ Malware used to defraud financial institutions = combination of cybercrime, extortion, and financial fraud.

5. Colonial Pipeline Ransomware Attack (US, 2021)

Facts:
Ransomware attack on the pipeline’s IT systems disrupted fuel supply in the US. Hackers demanded ransom in cryptocurrency.

Held:

US DOJ classified it as digital extortion and an attack on critical infrastructure.

Payments and cryptocurrency tracing were investigated under anti-money laundering laws.

Principle:
→ Critical infrastructure ransomware attacks = cyber extortion + national security threat.

6. GandCrab Ransomware Attack (Global, 2018–2019)

Facts:
GandCrab ransomware infected computers worldwide, encrypting files and demanding ransom in cryptocurrency.

Held:

Authorities tracked operators through digital forensics and cryptocurrency tracing.

Arrests and takedown of infrastructure highlighted cross-border cooperation in cybercrime.

Principle:
→ Even decentralized ransomware operations are prosecutable if operators are identified via digital forensics.

7. WannaCry Variant in Indian Hospitals (India, 2020)

Facts:
Hospital servers infected by ransomware, locking patient records. Attackers demanded cryptocurrency ransom.

Held:

Hospitals filed complaints under IT Act Section 66, IPC 384 & 420.

CERT-IN conducted forensic analysis and restored systems.

Principle:
→ Healthcare sector ransomware attacks = criminal offense, recoverable through IT Act provisions.

⚖️ III. Investigative and Legal Process

Detection – Alerts from antivirus, CERT-IN, SOCs, or complaints from affected users.

Digital Forensics – Extract malware samples, trace IPs, crypto wallets, logs, and command-and-control servers.

Filing FIR – Use IT Act Sections 66, 66C, and IPC Sections 384, 420.

Cyber Crime Investigation – Cooperation with CERT-IN, banks, cryptocurrency exchanges, and global cyber authorities.

Asset Tracing – Cryptocurrency tracking and seizure of digital funds.

Prosecution – Courts rely on digital evidence, malware analysis, and expert testimony.
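The Detection and Digital Forensics steps above rely on spotting ransomware behaviour in logs before a ransom demand arrives. The following is an added example, not part of the original article, of a small SOC-style heuristic run over a constructed file-system audit log. The log format (`<ISO timestamp> host=<name> op=<WRITE|RENAME|CREATE> path=<path>`), the host names, the paths and the thresholds are all assumptions made for the demo; real EDR or audit sources use their own schemas, and the thresholds would be tuned per environment.

```python
"""Heuristic ransomware-activity detector over file-system audit events.

Added example (not from the original article). It assumes a simplified,
constructed audit log format: one event per line,
`<ISO timestamp> host=<name> op=<WRITE|RENAME|CREATE> path=<path>`.
Two behaviours are flagged as alerts for triage:
  1. mass_encryption: a burst of RENAME/WRITE events to one file extension
     on a single host inside a short window (bulk encryption of user files);
  2. ransom_note: creation of a ransom-note style file such as HOW_TO_DECRYPT.txt.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) host=(\S+) op=(\w+) path=(.+)$")
# Words typically found in ransom-note filenames (assumption for the demo).
NOTE_RE = re.compile(r"(decrypt|recover|restore)", re.IGNORECASE)
BURST_THRESHOLD = 5            # events to one extension on one host ...
BURST_WINDOW = timedelta(seconds=30)  # ... within this window trigger an alert


def parse_event(line):
    """Parse one audit line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, host, op, path = m.groups()
    return {"ts": datetime.fromisoformat(ts), "host": host, "op": op, "path": path}


def extension(path):
    """Lower-cased final extension of a path (handles both / and \\ separators)."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect(lines):
    """Return a list of alert dicts produced by the two heuristics."""
    alerts = []
    windows = defaultdict(deque)  # (host, ext) -> timestamps inside the burst window
    fired = set()                 # (host, ext) pairs already alerted, to avoid repeats
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # malformed line: skipped, a real pipeline would count these
        if (ev["op"] == "CREATE" and NOTE_RE.search(ev["path"])
                and ev["path"].lower().endswith((".txt", ".html", ".hta"))):
            alerts.append({"type": "ransom_note", "host": ev["host"],
                           "path": ev["path"], "ts": ev["ts"].isoformat()})
        if ev["op"] in ("RENAME", "WRITE"):
            key = (ev["host"], extension(ev["path"]))
            q = windows[key]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > BURST_WINDOW:  # drop events outside the window
                q.popleft()
            if len(q) >= BURST_THRESHOLD and key not in fired:
                fired.add(key)
                alerts.append({"type": "mass_encryption", "host": ev["host"],
                               "extension": key[1], "count": len(q),
                               "ts": ev["ts"].isoformat()})
    return alerts


# Constructed sample log: normal activity on ws-02, an encryption burst on ws-07.
SAMPLE_LOG = [
    "2024-05-01T10:00:00 host=ws-02 op=WRITE path=/home/bob/budget.xlsx",
    "2024-05-01T10:00:01 host=ws-07 op=RENAME path=/home/alice/docs/report.docx.locked",
    "2024-05-01T10:00:02 host=ws-07 op=RENAME path=/home/alice/docs/q1.xlsx.locked",
    "2024-05-01T10:00:02 host=ws-07 op=RENAME path=/home/alice/docs/notes.txt.locked",
    "2024-05-01T10:00:03 host=ws-07 op=RENAME path=/home/alice/pics/holiday.jpg.locked",
    "this line is malformed and is skipped",
    "2024-05-01T10:00:04 host=ws-07 op=RENAME path=/home/alice/pics/family.jpg.locked",
    "2024-05-01T10:00:05 host=ws-07 op=RENAME path=/home/alice/docs/cv.pdf.locked",
    "2024-05-01T10:00:07 host=ws-07 op=CREATE path=/home/alice/HOW_TO_DECRYPT.txt",
    "2024-05-01T10:00:40 host=ws-02 op=WRITE path=/home/bob/budget.xlsx",
]


def run_demo():
    """Run the detector over the constructed sample and return its alerts."""
    return detect(SAMPLE_LOG)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

On the sample log the detector raises exactly two alerts, both for ws-07: a `mass_encryption` alert when the fifth `.locked` rename lands within the 30-second window, and a `ransom_note` alert for the dropped note. The alert records (host, time, extension, note path) are the same artefacts the Digital Forensics step then preserves as evidence. The sliding window is what keeps ordinary activity such as ws-02's spaced-out writes below threshold; the extension and note-name heuristics are deliberately simple and would need tuning against legitimate bulk operations such as backups or archive extraction.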

⚖️ IV. Key Legal Takeaways

| Offense | Platform/Method | Law Applied | Case Example | Principle |
|---|---|---|---|---|
| Ransomware encrypting systems | Windows, servers | IT Act 66, IPC 384 | WannaCry | Demands for digital ransom = extortion |
| Malware to steal funds | ATM, bank systems | IPC 420, 403, 406, IT Act 66C | Cosmos Bank Attack | Malware facilitating theft = criminal breach + cybercrime |
| Ransomware targeting hospitals | Servers, digital records | IT Act 66, IPC 384 | Indian Hospitals 2020 | Sensitive data extortion = punishable |
| Critical infrastructure ransomware | Pipeline, energy networks | IT Act, cyberterrorism laws | Colonial Pipeline | Disruption + extortion = national security crime |
| Malware campaigns with crypto | GandCrab, Petya | IT Act, PMLA for crypto tracing | GandCrab | Crypto-based ransom = prosecutable under IT Act + AML laws |

⚖️ V. Key Insights

Ransomware and malware attacks are treated as both cybercrime and extortion under Indian law.

Digital forensics is critical – IP logs, malware analysis, and crypto tracing are primary evidence.

Cross-border nature – Many ransomware attacks involve international coordination.

Critical sectors (banks, healthcare, energy) receive special attention under law.

Penalties – Imprisonment, fines, confiscation of illicit cryptocurrency, and remediation orders for affected institutions.