This is an archive article published on December 4, 2022

Probing server attack, CERT-In finds holes in AIIMS cyber security

Four servers infected, no measures were implemented by computer faculty to secure the network, finds agency

The ransomware attack took place on AIIMS’s servers on November 23. (File)

Probing into the cyberattack on some servers at the All India Institute of Medical Sciences (AIIMS) in Delhi, the Indian Computer Emergency Response Team (CERT-In) has found that no measures were implemented by AIIMS computer faculty for securing the network; that no policies were defined on their firewall and in their network; and most of the switches were unmanaged.

CERT-In, the country’s premier cybersecurity agency, has also found that all files and data on the infected AIIMS servers display the message, “free decryption as a guarantee, you can send us upto three free decrypted files before payment”.

Delhi Police has registered an FIR under IPC Section 385 (putting a person in fear of injury in order to commit extortion) and Sections 66 and 66-F of the IT Act after receiving a complaint from one Naresh Kumar Yadav, an assistant security officer at AIIMS.


“Initial analysis of CERT-In has found that four servers — two application servers, one database server and one backup server — were found infected,” a source said. “A team of CERT-In found that the encryption was triggered by one of the Windows servers attached in the same network, but files of this server were not encrypted.”

Yadav told the police in his complaint that he received information from one Dr Pooja Gupta, professor in-charge, computer facility, AIIMS, about a ransomware attack on the premier institution’s e-hospital servers on November 23. The FIR stated that after two encrypted mails, there was a message: “what happened, your files are encrypted, all files are protected by strong encryption with RSA-2048, there is no public decryption software, what is the price to repair, the price depends on how fast you can pay to us, after receiving money, we will send program and private keys to your IT department right now, do not attempt to decrypt your data after using third party software, this may result in permanent data loss, our program can repair all files in few minutes and all servers will work perfectly same as before, free decryption as guarantee, you can send us upto three free decrypted files before payment.”

A source said that CERT-In found, after checking all AIIMS systems, that no measures had been implemented by its computer faculty to secure the network, and that the institution had no policies defined on the available firewall. “Most of their switches were unmanaged,” the source said. “All the infected servers were disconnected by a team of National Informatics Centre (NIC) from the network and internet to avoid spreading of contamination to other services.”

The NIA has sent a team to AIIMS. Besides CERT-In and NIC teams, a team from the Defence Research and Development Organisation (DRDO) is also looking into the matter, sources said. Delhi Police, the Intelligence Bureau, CBI and Home Ministry are also probing the incident.


Initial investigation has also revealed that the attacker has two Proton Mail addresses — “dog2398” and “mouse63209” — which have been identified from the headers of the encrypted files. “The breach in security has particularly affected the e-hospital application, which was provided and managed by NIC since 2011-12, stopping the online functioning of OPD, emergency and other patient care services in the AIIMS premises,” a source said.

DCP (Cyber Crime Unit) Prashant Priya Gautam had said: “The forensic images of impacted servers have been sent to the lab for analysis. Analysis is under process. AIIMS administration and other agencies are in process of restoring the service. No ransom demand has been brought to notice.”

Mahender Singh Manral is an Assistant Editor with the national bureau of The Indian Express. He is known for his impactful and breaking stories. He covers the Ministry of Home Affairs, Investigative Agencies, National Investigative Agency, Central Bureau of Investigation, Law Enforcement Agencies, Paramilitary Forces, and internal security. Prior to this, Manral had extensively reported on city-based crime stories, and he also covered the anti-corruption branch of the Delhi government for a decade. He is known for his knack for news and a detailed understanding of stories. He also worked with Mail Today as a senior correspondent for eleven months. He has also worked with The Pioneer for two years, where he exclusively covered the crime beat. During the initial days of his career he also worked with The Statesman newspaper in the national capital, where he was entrusted with beats like crime, education, and the Delhi Jal Board. A graduate in Mass Communication, Manral is always in search of stories that impact lives.
