NOIDA: The threat of ransomware attacks and data theft is becoming more prevalent in India by the day. Noida-based Isgec Heavy Engineering Limited (ISGEC) has become the latest victim of a ransomware attack. Earlier this month, hackers targeted the engineering and manufacturing giant and demanded a large sum of money to decrypt its data.
Ransomware has become the biggest problem for enterprises and organisations across the globe. In a ransomware attack, a hacker infects a company’s computers with malicious software. All the files and data on the computer and the network are locked, and the hacker gains control over them. The computer screen then displays a message demanding a fee to be paid before the systems will work again.
Sanjay Kumar Garde, Head of the IT Department of Isgec Heavy Engineering Limited (ISGEC), has registered an FIR with the Noida police reporting the incident.
ISGEC is a public limited company engaged in the design, engineering, manufacture, sale and supply of various types of industrial machinery. It has offices in Sector 24 and Sector 63 of Noida. The official states that ISGEC’s servers are located at both offices; they support the company’s business at multiple locations, apart from generating and preserving all business-related data in electronic form.
On 7 June 2022, at around 6.55 am, the IT team noticed that the servers had been encrypted. The team had also noticed an alert earlier that morning about the failure of the server services.
“We initially thought that it could be a hardware failure but subsequently it was found that the problem is not related to hardware. After rebooting, we noted that the whole data is encrypted and a text file was there, which warned not to touch data and contact through the chat engine with the given user ID,” Sanjay Kumar Garde said in the FIR.
Garde further said that on 7th June 2022, late in the evening, “I was contacted through a chat box by someone and he demanded money through Bitcoin. Our internal IT Team with the help of external IT professionals is working to crack the problem but it is not cracked so far, though our efforts are on.”
“It is a case of hacking and encryption of our servers. Someone has hacked our servers with dishonest motive and with an intention to cause harm to us and our IT related equipment including servers, computers, laptops, and data stored therein in electronic form,” Garde mentioned.
The ransomware has hit their operations. “Because of this cyber attack we are suffering with huge losses apart from risk of misuse or loss of our valuable and confidential data,” Garde said.
ISGEC’s IT team and the external experts could not find a solution to the problem, after which the company contacted the police.
This type of malware is a money-making scheme: it is typically delivered through deceptive links in an email, instant message or website, and once installed it can lock the computer screen or encrypt crucial, predefined files so that they can only be unlocked with a password held by the attacker.
Noida police have registered an FIR and have started the investigation.
Prof Triveni Singh, SP, Cyber Crime, UP said, “We have started the investigation of the case. Our team will take help of CERT-IN to investigate the matter. We will also conduct the forensics of their computer system to ascertain the source of the malware.”
Ransomware attacks are the biggest worry for organisations around the world. Although such attacks have troubled big corporations for a couple of years, there is still no foolproof way to guard against an attack of this sophistication.
HOW TO STAY SAFE:
Dr Rakesh Goyal, Director, Sysman Computers, a CERT-In empanelled audit firm, told The420.in that the risk mitigations for ransomware are:
(1) Periodic backup of data to be taken. If data is critical, it must be backed up daily. Alternatively, a weekly full backup with daily incremental backups; in case of any ransomware attack, the previous day’s clean backup must be restored.
(2) Secure network architecture by putting the database in a secure zone behind the DMZ.
(3) Implementation of IPS/IDS and hardening of the firewall, with all logs turned on.
(4) Having the latest licensed anti-malware, with scanning of each and every mail and data item.
(5) Blocking all USB ports except the desired ones.
(6) Blocking all services/ports that are not required.
(7) Regular patching.
(8) Creating awareness amongst users to (a) identify phishing/spam/malicious mail; (b) not use pen drives/other media to copy data/programs; (c) not visit undesirable websites; (d) report incidents; (e) practise cyber hygiene.
(9) Defining risk mitigation for malware/ransomware in the business continuity plan (BCP), with regular drills.
(10) In a critical data centre, monitoring all data traffic using a Security Operations Centre (SOC).
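Point (1) above, a weekly full backup with daily incrementals and a restore of the last clean copy, is the control that actually gets an organisation back on its feet after the kind of incident described in this report. The following Python script is an added illustration written for this page; it is not ISGEC’s tooling nor anything from Sysman Computers or CERT-In. It works entirely inside a temporary directory with constructed sample files: it takes a full snapshot, then an incremental one, records a SHA-256 manifest of the whole tree with each snapshot, verifies that the stored copies still match their manifests, detects the burst of changed files and the unknown note file that a simulated encryption run leaves on the live tree, and replays the full plus incremental chain to rebuild the last clean state.

```python
"""Added example: weekly-full / daily-incremental backups with SHA-256
manifests, plus a verified restore of the last clean state.
Runs against constructed files in a temporary directory; no real data."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "MANIFEST.json"  # written into every snapshot directory


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        f.relative_to(root).as_posix(): sha256_file(f)
        for f in sorted(root.rglob("*"))
        if f.is_file() and f.name != MANIFEST
    }


def take_snapshot(src: Path, store: Path, label: str, base=None) -> dict:
    """Full snapshot when base is None; otherwise copy only files whose digest
    differs from the previous manifest (incremental). The manifest stored with
    the snapshot always describes the complete source tree at that moment."""
    snap = store / label
    snap.mkdir(parents=True)
    manifest = build_manifest(src)
    copied = []
    for rel, digest in manifest.items():
        if base is None or base.get(rel) != digest:
            target = snap / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src / rel, target)
            copied.append(rel)
    (snap / MANIFEST).write_text(json.dumps(manifest, indent=1, sort_keys=True))
    return {"label": label, "copied": copied, "manifest": manifest}


def verify_snapshot(store: Path, label: str) -> list:
    """Relative paths whose stored copy no longer matches the snapshot manifest."""
    snap = store / label
    manifest = json.loads((snap / MANIFEST).read_text())
    return [rel for rel, d in build_manifest(snap).items() if manifest.get(rel) != d]


def diff_against_manifest(live: Path, manifest: dict) -> dict:
    """Changes on the live tree since the manifest was written. A burst of
    'changed' files plus unknown 'added' files is the footprint of an encryption run."""
    now = build_manifest(live)
    return {
        "changed": sorted(r for r in manifest if r in now and now[r] != manifest[r]),
        "missing": sorted(r for r in manifest if r not in now),
        "added": sorted(r for r in now if r not in manifest),
    }


def restore_chain(store: Path, chain: list, target: Path) -> bool:
    """Replay full + incrementals in order, remove files the last manifest no
    longer lists (legitimately deleted between snapshots), then verify."""
    target.mkdir(parents=True, exist_ok=True)
    final_manifest = None
    for label in chain:
        snap = store / label
        final_manifest = json.loads((snap / MANIFEST).read_text())
        for rel in build_manifest(snap):
            dst = target / rel
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(snap / rel, dst)
    for rel in build_manifest(target):
        if rel not in final_manifest:
            (target / rel).unlink()
    return build_manifest(target) == final_manifest


def demo() -> dict:
    """Constructed scenario: Sunday full, Monday incremental, then an encryption event."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        live, store = root / "live", root / "backups"
        (live / "erp").mkdir(parents=True)
        (live / "erp" / "orders.csv").write_text("id,amount\n1,100\n")
        (live / "erp" / "vendors.csv").write_text("id,name\n7,Acme\n")
        (live / "notes.txt").write_text("weekly plan\n")

        full = take_snapshot(live, store, "sun-full")
        (live / "erp" / "orders.csv").write_text("id,amount\n1,100\n2,250\n")
        (live / "notes.txt").unlink()  # a legitimate deletion before the incremental
        inc = take_snapshot(live, store, "mon-inc", base=full["manifest"])

        # Simulated incident (constructed): every live file overwritten, note dropped.
        for f in [p for p in live.rglob("*") if p.is_file()]:
            f.write_bytes(b"\x00ENCRYPTED\x00" + f.name.encode())
        (live / "README_TO_DECRYPT.txt").write_text("contact us to decrypt\n")

        damage = diff_against_manifest(live, inc["manifest"])
        intact = not verify_snapshot(store, "sun-full") and not verify_snapshot(store, "mon-inc")
        ok = restore_chain(store, ["sun-full", "mon-inc"], root / "restored")
        return {"inc_copied": inc["copied"], "snapshots_intact": intact,
                "changed": damage["changed"], "added": damage["added"], "restore_ok": ok}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The backup store in this example lives beside the live tree only for convenience; in practice the snapshots and their manifests belong on storage the production hosts cannot write to (offline media or a write-once target), otherwise the same encryption run that hits the live data can hit the copies and the manifest check in `verify_snapshot` will report exactly that.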