It may seem to be a slice out of a new-age, cyber-centric Hollywood potboiler — a targeted malware attack on critical files on your computer. It doesn't end there; the malware wizards of the netherworld seek a ransom to unlock the files you need.
This is happening in Kerala, mostly Idukki district, where hapless wedding photographers and videographers are at the receiving end of a malicious and concerted malware attack.
Shameer Shamsudeen, who runs a studio in Nedumkandam in Idukki district, got the shock of his life when he could not open the files saved in his computer.
Shameer realised that he had lost videos of four recent weddings which he had recorded for clients. Shameer, the owner of Audiocab recording studio, was scared of the prospect of telling his clients, who were eagerly waiting to get their wedding videos. He said these videos were made recently and he had not made a backup of the files.
Shameer is one among several studio owners who faced the malware attack. Most of them did not know that it was a cyberattack until they received demands for ransom.
Usually, decryption is impossible as the files are locked using mathematical keys known only to these attackers. While IT firms, hospitals, airports, etc. are usually the targets of ransomware attacks, studios seem to be the new target.
Shameer had difficulty in accessing his files on September 6. He noticed that there was an unknown extension, '.kasp', on every file. After trying every possible option, Shameer filed a case at the Nedumkandam police station last week.
Around two months ago, another studio owner, Jayaraj P R, who runs JS Recording Studio in Vellilankadam, near Kattappana, lost files he had kept for over a decade. "Apart from professional items, personal data including my own wedding video were lost. Since I was unaware of malware attacks, I didn't file any complaint," he said. Jayaraj said his files had the extension '.mas' and a note demanding ransom in bitcoins. He also did not have a backup for several files.
From Shameer, the hackers demanded a ransom of $980 to decrypt the files. They offered a 50% discount if he contacted them within 72 hours.
Ajeesh Mohanan, who runs the studio 24 Frame in Kattappana, experienced a ransomware attack a year ago. He lost footage, including that shot for an advertisement. Ajeesh filed complaints with the police and tried to retrieve the files by enlisting the help of experts. He found no success. The attackers sought $980 as ransom.
Shameer said there were several studio owners who faced similar attacks. They were afraid to speak out due to fear of loss of business. "Already, these studios are facing huge losses due to such cyberattacks and trust is the last thing we could compromise on," he said.
The number of ransomware attacks is high in Idukki, but studios across the state have been attacked. Sooraj S R, an aspiring film-maker in Thiruvananthapuram, lost several files in an unexpected ransomware attack last year. "I lost visuals of advertisements, a web series and a musical album," said Sooraj, who is yet to recover from the huge loss.
"Someone from Kozhikode had contacted me and said he had, in fact, paid the amount to get his files back. I am not sure whether he got the files back after paying the ransom," he said.
Sub-inspector, Nedumkandam, K Dileep Kumar said they had forwarded the complaints to the cyber cell. "Since there is a separate cyber wing, we have forwarded it to know if there is a common investigation going on against such ransomware attacks. If they get back with primary details, we will do the rest of the investigation here," he said.
Additional Director-General of Police (ADGP) and Cyberdome nodal officer Manoj Abraham said ransomware attacks were happening across the world and there was a spike during COVID.
"The major targets are institutions like hospitals or airports which require decryption of files. These hackers send malware everywhere using bots and studios might be unintended targets which the hackers might not be interested in," he said.
Manoj Abraham said lack of due care on the part of users made them vulnerable to such attacks. "Downloading unnecessary files, delay in updating operating systems or lack of anti-virus software are reasons that make a system vulnerable. It is also important to keep a backup of all documents," he said.
The ADGP said some malware could be decrypted, but not before the nature of malware was deciphered.
With the recent spate of attacks, studio owners are gearing up to ensure requisite protection from cyberattacks in future.
(Jisha Surya is an independent journalist based in Thiruvananthapuram)