China state-sponsored hackers target online gambling with ransomware

Online gambling firms are being targeted with ransomware by Chinese state-sponsored hackers in what is either a dramatic shift in priorities or simply greedy techs looking to pad their meager salaries. 

A report by Israeli cybersecurity firms Profero and Security Joes details a series of ransomware attacks against five unidentified online gambling companies earlier this year by a group alternately known as Advanced Persistent Threat 27 (APT27) or Emissary Panda. 

The report builds on a separate report this February by Trend Micro, which identified a Chinese-led hacking group known as Winnti (aka APT41) that until that point had a history of going after online gaming (not gambling) firms. The APT27 attacks used similar DRBControl malware to gain access to targeted servers, but APT27 was traditionally focused on corporate espionage rather than financial gain.

The APT27 attacks also differed in that, once the hackers had gained access to a specific server, they utilized the BitLocker encryption tool built into Windows to deny access to the servers by their rightful owners rather than employ a custom piece of ransomware.
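
A defender-side check for the BitLocker behaviour described above, as an added example that is not taken from the Profero and Security Joes report: it scans process-creation events for commands that turn on, lock or re-key BitLocker on hosts where that is not expected. The event fields, host names, user names and the approved-host set are constructed assumptions.

```python
import re

# Constructed sample process-creation events (fields loosely modelled on
# Windows process-creation logging); not data from the report.
SAMPLE_EVENTS = [
    {"host": "web-01", "user": "svc_backup",
     "image": r"C:\Windows\System32\manage-bde.exe", "cmdline": "manage-bde -status C:"},
    {"host": "db-02", "user": "admin_tmp",
     "image": r"C:\Windows\System32\manage-bde.exe", "cmdline": "manage-bde -on D:"},
    {"host": "web-01", "user": "svc_backup",
     "image": r"C:\Windows\System32\manage-bde.exe", "cmdline": "manage-bde -protectors -get C:"},
    {"host": "app-03", "user": "svc_deploy",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -Command Enable-BitLocker -MountPoint E:"},
    {"host": "lap-07", "user": "helpdesk",
     "image": r"C:\Windows\System32\manage-bde.exe", "cmdline": "manage-bde -on C:"},
]

# manage-bde switches that change encryption or lock state (read-only
# switches such as -status are deliberately not listed).
STATE_CHANGE = re.compile(r"(?:^|\s)-(on|lock|forcerecovery)\b", re.I)
# Adding or deleting key protectors changes who can unlock the volume.
PROTECTOR_CHANGE = re.compile(r"-protectors\s+-(add|delete)\b", re.I)
# BitLocker PowerShell cmdlets with the same effect.
PS_CMDLETS = re.compile(
    r"\b(Enable-BitLocker|Add-BitLockerKeyProtector|"
    r"Remove-BitLockerKeyProtector|Lock-BitLocker)\b", re.I)


def flag_bitlocker_changes(events, approved_hosts=frozenset()):
    """Return (host, user, reason) for BitLocker changes on unapproved hosts."""
    findings = []
    for ev in events:
        cmd = ev["cmdline"]
        exe = ev["image"].lower().rsplit("\\", 1)[-1]
        reason = None
        if exe == "manage-bde.exe":
            if STATE_CHANGE.search(cmd):
                reason = "manage-bde state change"
            elif PROTECTOR_CHANGE.search(cmd):
                reason = "manage-bde protector change"
        elif PS_CMDLETS.search(cmd):
            reason = "BitLocker PowerShell cmdlet"
        # approved_hosts is a hypothetical allowlist of machines where IT
        # is expected to manage BitLocker (for example, laptops).
        if reason and ev["host"] not in approved_hosts:
            findings.append((ev["host"], ev["user"], reason))
    return findings
```

Servers rarely have BitLocker enabled interactively, so any hit outside the allowlist is worth triaging alongside the account that ran it.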