Daily Cybercrime Brief by Future Crime Researchers [22.04.2024] : India’s annual cyber crime loss, Akira ransomware and more

Published

4 weeks ago

April 22, 2024

India’s Annual Cybercrime Losses Hit Rs 70k Crore, Criminals Grow Bolder

India’s economy suffers a staggering Rs 70,000 crore loss annually due to cyber fraud, a significant increase from previous estimates of Rs 10,000 crore.
Despite the high losses, 90% of incidents involve stealing relatively small amounts, typically under Rs 50,000, to avoid attracting law enforcement attention.
Scammers gradually escalate theft amounts, starting with a few hundred rupees and progressing to lakhs as they gain confidence and target new victims.
Many large-scale online frauds, especially those involving substantial amounts, are traced back to China, complicating investigation and enforcement efforts.
Scammers operate across multiple states and use mule accounts, typically of unwitting individuals, to transfer stolen money, making it challenging for law enforcement to trace the actual perpetrators. Additionally, scams heavily rely on social engineering rather than direct hacking of banking systems.

Initiate a Battle Against Cybercrime

Bengalureans lost a staggering Rs 240 crore to cybercrime in the first two months of this year, with projections indicating a potential loss of Rs 1,440 crore by year-end. Detection rates have sharply declined, posing significant challenges for law enforcement.
Among the cybercrimes, job frauds stand out, with 3,151 cases registered in the first two months of 2024 in Bengaluru alone. Victims collectively lost over Rs 63.8 crore to job scams, highlighting the vulnerability of the unemployed seeking lucrative opportunities.
Nationwide, cybercrime has cost Rs 10,319 crore from April 2021 to present. Perpetrators utilize various methods, including email fraud, identity theft, financial data theft, cyber extortion, cryptocurrency mining, cyber espionage, and more.
Despite awareness programs, cybercrime is on the rise, with evolving tactics outsmarting both the public and law enforcement. Urgent action is needed from central and state governments to establish specialized agencies dedicated to combating cybercrime.
Without swift intervention, cybercriminals will continue to exploit innocent citizens, necessitating a concerted effort to prevent and detect cybercrime.

CBI’s West Region Cyber Cell Nabs Two in Madhya Pradesh for Rs 16.31 Lakh Fraud

The West Region Cyber Cell of Mumbai’s crime branch apprehended two individuals from Madhya Pradesh for defrauding a businessman of Rs 16.31 lakh through a share trading scheme.
The arrested individuals, identified as Deepak Jatav (29) and Vineet Baheti (34), both hold B Pharma degrees and jointly operate a pharmacy business.
The victim, a 39-year-old MBA graduate working in finance, encountered an Instagram link offering earnings through share trading. After joining a Telegram group, he invested the mentioned sum based on false promises of profit.
Despite being shown an apparent profit of Rs 31 lakh, the victim couldn’t withdraw the funds. Upon contacting the suspects, they evaded responsibility, leading the victim to realize he had been deceived.
Prompt action by the West Region Cyber Cell resulted in freezing Rs 11 lakh of the victim’s funds. Subsequent investigations revealed transfers to multiple bank accounts, including one operated by Deepak Jatav, facilitated by Vineet Baheti. Authorities are currently seeking three to four additional suspects in connection with the case.

Akira Ransomware Nets $42 Million in Ransom Payments from 250+ Victims

A joint advisory from CISA, the FBI, Europol, and NCSC-NL highlights Akira ransomware operators’ substantial income of $42 million from over 250 victims worldwide since early 2023.
Akira ransomware targets various industries, including education, finance, and real estate, employing a double extortion model by first exfiltrating data and then encrypting it. The malware, initially written in C++, now utilizes Megazord with Rust-based code.
Threat actors gain initial access through vulnerabilities in VPN services and Cisco systems, as well as external-facing services like RDP and spear phishing. They exploit domain controller functions and post-exploitation techniques like Kerberoasting and credential scraping.
Akira operators deploy multiple ransomware variants within the same attack, disable security software, and use various tools for data exfiltration and communication with command-and-control servers, including AnyDesk and Cloudflare Tunnel.
Akira employs a hybrid encryption scheme combining ChaCha20 stream cipher with RSA public-key cryptosystem for efficient and secure data locking, tailored based on file type and size, posing significant challenges for decryption.

Nagpur Bank Manager Falls Victim to Rs 5.10 Lakh Cyber Fraud

A bank manager in Nagpur, Smita Vishwas, fell victim to an online cyber fraud while attempting to sell household items, losing Rs 5.10 lakh in the process.
Vishwas uploaded details of a refrigerator and sofa for sale, following which she received a call from a buyer expressing interest in the items.
The accused requested an initial verification transaction of Rs 60 from Vishwas, followed by subsequent transactions totaling Rs 5.10 lakh, under the guise of refunding previous amounts.
A case was registered under relevant sections of the Indian Penal Code and the Information Technology Act, and law enforcement authorities are actively pursuing efforts to apprehend the culprit.
Despite Vishwas’s attempt to sell her household items, she ended up losing a substantial sum of money in the fraudulent scheme, highlighting the prevalence and risks associated with online scams.

The420.in