After the WannaCry ransomware cyber attack spread like wildfire and paralysed computer systems across the world, isolated incidents were reported from Andhra Pradesh, Gujarat, Kerala and West Bengal. Now, the capital has seen its first ransomware cyber attack, with employees of Rachna Sagar Private Limited “locked” out of more than 200 computers.
The cyber attack was reported on August 9 when staff at the publishing company found that they could not log into their user accounts, and could only use the “demo” account. The WannaCry malware attack exploits potential vulnerabilities of computer systems as hackers encrypt all files and demand ransom in exchange for unlocking them. Last year, a ransomware attack was used to target the Mumbai police system, and several files were encrypted by hackers.
When the IT staff at the publishing company tried to diagnose the problem, they found that they had been at the receiving end of a ransomware attack. The hackers had posted a message demanding a ransom of between 800 and 1000 US dollars in Bitcoin. While diagnostic work at the publishing company is underway, the encrypted data has not been recovered. DCP (central) M S Randhawa confirmed the cyber attack and said a complaint has been registered at Darya Ganj police station. The complaint was filed by the general manager at the company. “This morning, when we started our work and opened Busy software, we received a text message which said our files are encrypted. The message said we have to pay money to enable decryption of our files (sic),” the complaint read.
The publishing company uses the accounting software called “Busy” for its work. Employees have two accounts that they log into for accounting transactions — live and demo mode. Users have to gain access to the live mode to conduct business, which they have been locked out of by the hackers. Police sources said it is difficult to track the hackers as they hacked into the computer systems using a proxy network.
“The hackers have locked out their data since April. Employees have not been able to conduct any business since the day of the cyber attack. Their billing process has been delayed and they are even scared to use netbanking as they fear online payment systems may be compromised,” said a source privy to the investigation.