What Is ‘Cyber Kidnapping’?


“Cyber kidnapping” typically refers to a type of cybercrime where criminals use technology to kidnap or hold digital assets, data, or systems hostage for ransom. It is more commonly known as “ransomware attacks.”

Chinese Exchange Student Latest Victim of ‘Disturbing’ Trend

Kai Zhuang, a 17-year-old Chinese exchange student, has been found alive in the Utah wilderness after going missing in what local police are calling a case of “cyber kidnapping,” a new criminal trend in which scammers extort vulnerable victims remotely, convincing their families they’ve been forcibly kidnapped and demanding ransom money.

Cyber Kidnapping – Story of a Chinese exchange student

Zhuang was reported missing on Dec. 28, after his family in China contacted his school in the U.S. to report they’d received images that suggested he was forcibly kidnapped, even as Zhuang’s host family in the U.S. told police they had seen Zhuang earlier that day and were unaware of a forcible kidnapping, according to Riverdale, Utah Police Chief Casey Warren.

cyber kidnapping

His family paid approximately $80,000 in ransom money to Chinese bank accounts after receiving “continuous threats from the kidnappers” about Zhuang’s safety, police said.

Meanwhile, the scammers were threatening Zhuang for possibly a month, telling him if he didn’t comply with their demands, his family would be harmed in China, and ordering him to isolate himself in the woods and send photos to his parents, Warren said.

The Riverdale Police and Weber County Sheriff’s Office used bank and phone data to track Zhuang’s movements and general area and conducted a drone search and rescue, finding Zhuang camping in the Brigham City canyon area alive “but very cold and scared,” police said.

In his press statement, Warren said that, as part of the investigation, the FBI had briefed the department of this “disturbing criminal trend,” highlighting similar cases that have been targeting foreign exchange students—and Chinese foreign exchange students, in particular.

In these “cyber kidnapping” cases, the scammers tell victims to isolate themselves and may convince them under duress to make it appear they are being held captive—in some cases even contacting the victim via webcam and sending voice recordings to the families.


An overview of how these attacks typically work

Infection: Ransomware is often delivered through phishing emails, malicious attachments, or compromised websites. Once a user clicks on a malicious link or opens an infected file, the ransomware is deployed on the victim’s system.

Encryption: The ransomware encrypts the files on the victim’s computer or network, making them inaccessible. The encryption process transforms the files into a format that can only be decrypted with a unique key held by the attackers.

Ransom Demand: After encrypting the files, the attackers demand a ransom payment from the victim, usually in cryptocurrency like Bitcoin. The ransom demand is accompanied by a threat to permanently delete the decryption key or destroy the files if the payment is not made within a specified time frame.


Communication Channel: Cybercriminals often provide instructions on how to pay the ransom and may establish communication channels to negotiate with the victim. These channels are designed to maintain the anonymity of the attackers.

Payment: If the victim decides to pay the ransom, they transfer the requested amount in cryptocurrency to the attackers. In some cases, even after payment, there is no guarantee that the attackers will provide the decryption key or that the files will be restored.

Decryption (or Not): If the victim decides not to pay the ransom or if the attackers fail to uphold their end of the bargain, the encrypted files remain inaccessible. Recovery might be possible through backups or other means, but it can be a time-consuming and challenging process.

Leave a Comment

Your email address will not be published. Required fields are marked *