Sources said that one of the reasons why the hackers have not yet been identified was because the accused used proxy networks to plant the ransomware attack.
TWENTY ONE days after a cyber attack was reported at Rachna Sagar publication, which led to the lockdown of more than 200 computer systems, the case has been handed over to the Crime Branch, police said on Thursday. The complaint was initially registered at the Daryaganj police station after the attack was discovered by the IT staff of the publishing company.
Sources said that one of the reasons why the hackers have not yet been identified was because the accused used proxy networks to plant the ransomware attack. “It is suspected that the files were encrypted after an employee accessed an email containing the malware, which eventually spread to other networks. It is impossible to identify the hackers as it would be an uphill task to trace them even if you trace their IP addresses and look
into the search engines,” said an officer familiar with the investigation.
DCP Bhisham Singh, Crime Branch (Cyber Cell and FICN), said, “We have registered an FIR in the case. We are trying to ascertain the identity of the hackers.” The police will also rope in an expert team from the Computer Emergency Response Team (CERT) to write a report on the ransomware attack and assist them in diagnosing the problem.
On August 17, The Indian Express had reported the case after it was found that the cyber attack was a new variant of the WannaCry ransomware attack. Sources had claimed more than 200 computers at the publishing house were locked out by the .loc extension. The WannaCry ransomware attack is identified by the .cry extension. However, the new variant of the malware, as seen in this case, is being identified by the .loc extension.
The employees at the publishing house used two accounts – demo and live – to access the computers. However, after the ransomware attack, the employees were unable to access the live accounts. Every time they tried to access it, they were sent back to the demo accounts, which has no administrative privileges. When the IT department tried to diagnose the issue, they found a message displayed by the hackers asking the company to pay them $800-1000 in bitcoins.
A source said, “The employees at the publishing house have not been able to use the GST accounting software. The employees basically use the BUSY accounting software for their transactions. Their systems have not been restored so far.” Sources have claimed that the hackers have compromised their data from April.
