By Shashank Shekhar and Sunil Maurya in Noida
The threat of ransomware attacks and data theft is growing bigger and bolder in India each day. The latest victim of such high-tech digital fraud is sweets and snacks manufacturer Haldiram. The retail chain was targeted in July by hackers, who demanded a huge sum of money to decrypt its data.
The hackers have allegedly stolen crucial company data, causing the company immense loss. According to the FIR registered by Haldiram with Noida police, its servers were attacked on the intervening night of July 12-13.
Haldiram is popular for its chain of sweet shops and restaurants. It is in the business of manufacturing, selling and exporting traditional namkeens, western snacks, Indian sweets and other packed food products.
The main servers of Haldiram, located at its corporate office at C-31, Sector-62, Noida, were targeted by cybercriminals.
The IT team of Haldiram found that some program was being executed and that data was being extracted from its servers. Haldiram in its FIR said, “…may be the entire or substantial data may have already been stolen from the servers of the company.”
Trend Micro, a data security and cybersecurity company that provides antivirus software, told Haldiram after its analysis that the data has been stolen and is not even recoverable from its servers.
According to the information, data related to retail sales and inventory, human resources and payroll data, and other crucial documents were taken.
Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again. In this case, the hackers have demanded Rs 7.5 lakh.
The FIR said that the company’s server was hacked and hit by a ransomware attack, which not only encrypted the servers, files, data, applications, systems, etc., but also deleted all the backups from the servers. The attack has also led to the theft of valuable data of the company.
The hackers are now demanding Rs 7.5 lakh to decrypt the data. “Hackers left a message on all affected servers that it is a ransomware attack and that all their files, data, applications and systems had been encrypted. They have threatened to pay a ransom of Rs 7.5 lakh to decrypt the servers, including all its files, data, applications, systems, etc,” the FIR said.
This class of malware is a criminal moneymaking scheme that can be installed through deceptive links in an email message, instant message or website. It has the ability to lock a computer screen or encrypt important, predetermined files with a password.
Cyber experts believe Maze ransomware, which has been around for less than a year and has wreaked havoc on businesses and municipalities throughout the world, could be behind the attack.
“Ransomware is one of the most intractable — and common — threats facing organizations across all industries and geographies. And incidents of ransomware attacks continue to rise; we have been observing continuous attacks through new variants of ransomware for a few months, and it has increased exponentially during the lockdown. Maze, Ryuk, Revil, Tycoon and Netwalker are the most active and dangerous ransomware in these times,” said Amit Dubey, Chief Mentor, Root64 Infosec Research Foundation.
Noida police have registered the FIR at the Sector 58 police station and have started the probe.