With dark net transactions emboldened by “grey money” cryptocurrency comes a host of fraught possibilities. Ransomware is fast emerging as the most preferred way to attack data: the unethical hackers demand a ransom and restore the status quo only after they have made big bucks.
Gujarat has been the target of increasing attacks in the past two years. Hackers have attacked pharmaceutical and manufacturing companies, gained access to the Gujarat database from a big B2B website, and stolen 800GB worth of data related to taxpayers from the GST department.
In simple terms, ransomware is a type of malware from cryptovirology that threatens to publish the victim’s personal data or permanently block access to it unless a ransom is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion, in which the victim’s files are encrypted and a ransom is demanded to decrypt them.
The gravity of the situation on the ground in Ahmedabad came to light when a space-tech startup based out of SG Road “found itself locked out of its own files.”
Hackers released ransomware into the firm’s servers to target its venture and hold its IT systems hostage for nearly 15 days. The cybercriminals asked the outfit for Rs 8 crore if it wanted to access its data. The company, which is registered with ISRO’s Indian National Space Promotion and Authorization Centre (IN-SPACe), however, managed to retrieve the data without paying a paisa.
Reliving the harassment, CEO Surendra Raj shared: “The hackers demanded 20 bitcoins at a time when each bitcoin was valued at Rs 40 lakh. Our sensitive designs were set open for all while the cybercriminals paralyzed our access.”
The attack in March 2022 was reported to the Gujarat CID (Crime) cyber cell. However, the company and its domain service provider managed to recover the data using competent technology.
The startup isn’t the only one from Gujarat that has fallen prey to hackers. Between 2020 and 2022, significant data breaches and ransomware attacks occurred at companies, startups and, most importantly, state government departments.
On March 26, 2020, Russian hacker ‘Bassterlord’ claimed to have admin access to the Gujarat GST office’s network and put 755GB of data up for sale. The hacker accepted orders via Telegram, email and a Russian hacking forum.
“The hacker likely got remote desktop (RDP) access by exploiting an RDP flaw, using default RDP credentials, or by brute forcing (attack using trial-and-error to guess login info, encryption keys, or find a hidden web page). S/he stole information on export tax, telephone number directories, mobile numbers, and massive amounts of tax data of taxpayers. The data was breached from the computer of one Ramesh Ashokbhai,” said a senior Gujarat State Wide Area Network (GSWAN) official.
Three months later, a major B2B website’s Gujarat database was attacked by malware. Data about 43,920 suppliers registered with the website was put up for sale on two forums. “A Malaysian hacktivist group, DragonForce, called for attacks on Indian government websites. Certain key states, including Gujarat, were targeted during the campaign. Apart from the B2B website, ISPs in Valsad and South Gujarat were also attacked,” revealed a senior CID crime official.
With Gujarat being a manufacturing hub, private companies there are vulnerable targets. CID officials urge that all such attacks be reported to India’s Computer Emergency Response Team, CERT-In.