A day after a Navi Mumbai hospital and hotel became targets of a ransomware attack, cyber fraudsters encrypted data belonging to a Dadar-based chartered accountant and demanded money to remove the block on the data on Monday. While the incident took place on Monday, the complainant, realised that his data has been blocked on Tuesday. “A case of ransomware was reported, following which, an FIR has been registered at the Bhoiwada police station,” said Deputy Commissioner of Police (Zone 4) N Ambika.
While the FIR was lodged on Thursday, no arrest has been made in the case yet. Police said the incident took place on Monday at the complainant’s office near Framroz court in Dadar. Around 2.15 pm, a message flashed on the complainant’s computer screen saying, “You have to pay for decryption in bitcoins. The price depends on how fast you write to us. After payment, we will send you the decryption key, which will decrypt all your files.” The message also had an email address, on which he was to write to the fraudsters.
Around 7 pm, when the complainant tried to use a computer for some work, he could not access the data. When he tried other computers, he faced the same problem. He also found that some data and software had been deleted. Suspecting that a computer virus may be behind this, he copied the other files still available from the computer.
The complainant then left for the day and asked an employee from the information technology department to look into the matter. The employee later told him that the data had not been deleted but encrypted by fraudsters.
The Bhoiwada police has registered an FIR under Section 385 (putting person in fear of injury in order to commit extortion) and the Information Technology Act.
“Normally, ransomware attacks target big organisations. However, this time, since the last date for filing income tax is nearing, the fraudsters may have targeted the CA knowing that he would have sensitive data and would be willing to pay… It is difficult to track down the person behind such attacks. We are taking the help of the cyber cell to investigate the matter,” said an officer.
On Sunday, the MGM hospital in Navi Mumbai was attacked by a ransomware. Its data was locked out and the fraudsters demanded payment in bitcoins. Almost 10 days ago, Hotel Three Star in Kharghar had come under a similar attack. While last year, the Jawaharlal Nehru Port Trust was hit by a ransomware, in 2016, 150 computers in Mantralaya were hit by ransomware Locky.
In ransomware attacks, the fraudsters manage to get a virus installed on the target computers by sending infected links or attachments. Once a target clicks on the link or downloads the attachment, the virus encrypts the data and demands money to provide the encryption key.