With a young man in shorts strumming his guitar and desks littered with water bottles and coffee cups, it could be a scene from any trendy tech start-up company.
But this photo is believed to be the first from inside the lair of a so-called ransomware gang.
The fast-growing crime involves hackers taking control of an IT system or data and demanding money to release it.
In the photo – accompanied by a caption in Chinese that reads 'Wow! Little brother playing guitar' – a second man stares at a screen, possibly orchestrating a new crime.
Unearthed by cybersecurity firm Internet 2.0, the photo is said to show members of APT41, a Chinese group blamed for more than 100 hacks, including ransomware attacks, until last year.
The FBI released a wanted poster last September featuring the faces of five APT41 members wanted for questioning over a series of raids in the US, UK, Australia and Taiwan.
The group is also suspected of espionage for the Chinese regime, including during the pro-democracy protests in Hong Kong in 2018.
Ransomware profits last year are conservatively estimated at £250 million. According to research by cryptocurrency experts Chainalysis, the gangs saw profits increase by more than 300 percent last year.
Aside from the US, Britain is the country with the most targets, with schools, charities and even individuals now added to existing targets such as large corporations and government agencies.
Since December, more than 100 UK schools have been attacked, while people and organizations with Microsoft Exchange email accounts have also fallen prey to extortion bids.
Not even The Woodland Trust, a conservation charity, has been spared. Hackers targeted the group in December and caused trouble for months.
Security experts fear the criminals will turn their attention to the health service, as they did in Germany last September when they paralyzed a large hospital.
Ciaran Martin, who was in charge of GCHQ's National Cyber Security Centre until August last year, said: "During the pandemic, the biggest concern was that someone would enter a hospital with ransomware."
Internet 2.0 co-founder David Robinson said: "APT41 plays in everything. Ransomware has been a big part of their operation, and what we've seen around the world for the past year is a relentless, ongoing attack on organizations and individuals."
The suspected APT41 hipster hackers in the photo are in China, but other ransomware gangs are based in Russia, several former Soviet states, North Korea, Iran and parts of West Africa.
The infamous REvil group, believed to be in Russia, has targeted Microsoft emails and is suspected of attacking the Harris Federation, a group of nearly 50 primary and secondary schools in and around London. The gang also received £1.8 million from Travelex, the now-bankrupt UK bureau de change service, last year after taking control of its systems.
The Fat Face retail chain is the latest victim. It allegedly paid a £1.45 million ransom to a gang called Conti, which stole 200 gigabytes of data, including customer information, and denied the company access to its systems in January. Conti is believed to be linked to a suspected Russian ransomware cartel called Ryuk.
The Kremlin has been accused of turning a blind eye as long as Russian companies and interests are spared.
The UK government announced in 2020 the creation of a 3,000-strong National Cyber Force that will bring together specialists from GCHQ, the Department of Defense and the intelligence services to tackle the problem.
But security experts say the government should make it harder for businesses to pay. Currently, some companies have insurance policies that allow them to make a ransom claim.
“We are wrong with ransomware as a society and criminals have recognized that it is a lucrative, successful industry,” said Martin. “Ransomware is on the rise because it pays off.”