InfoSecBulletin Cybersecurity for mankind
Indian Pimpri Chinchwad police’s cyber cell is looking into a complaint where a hacker demanded $80,000 (over Rs 68 lakh) from a biopharmaceutical company in Hinjewadi to release encrypted data he had stolen.
A senior employee contacted the police on Monday following a threatening email received on April 27. A case has been filed under section 308 of the Bharatiya Nyaya Sanhita, and sections 43, 66, and 72 of the Information Technology Act.
Microsoft New Accounts Go Passwordless By Default
SonicWall Patched for SSRF Vulnerability in SMA1000 Appliances
Patch Now! SonicWall Confirms Active Exploitation of SMA 100 Vulns
Commvault Confirms Its Azure Cloud Environment Breach via Zero-Day Attack
Ransomware Attack On Biopharma : Hacker seeks $80k
Apple warns new victims of spyware attacks across the world
Ticket resaler exposed 520,054 records size of 200 GB
“bCloud” Starts Journey in Bangladesh Targeting Cloud Solutions
Researcher Found Multiple Vulnerabilities In Apple’s AirPlay Protocol
Massive Attack: Hacker Actively Use 4800+ IPs To Attack Git Configuration Files
Police sub-inspector Sagar Poman stated that this is a ransomware attack. Initial investigations showed that a cybercriminal sent a harmful email to an employee, which allowed access to one of the company’s 15 servers.
The hacker got access to all of them.” The hacker then started copying the data, Poman said. “By the time the employees realised what was happening, the hacker had copied the entire data, encrypted it, and put a password on it.”
Poman said the hacker sent emails to company officials seeking $80,000 within three days. “He also threatened that if the company tried to decrypt the data, they would lose it within 24 hours. The cybercrook also said that if the money was not transferred to him, he would sell the data on the dark web.”
For the last two days, the company’s operations have stopped, the police officer said. “We will record statements of about 300 employees.”
Times of India reported, Rohan Nyayadish, director of Digital Task Force, too called it a case of ransomware attack in which data of a company is either stolen or compromised due to un-updated firewalls or online security measures. “Firms must follow security audit norms issued by Central govt on April 1 and they should spend money on insuring their data and research.”
The cyber criminals steal data or programmes of a company after targeting its servers, Nyayadish further said. “Cyber criminals generally demand ransoms via cryptocurrencies. Companies should not pay it and report the matter to the police; experts can retrieve the data.”
Advocate and cybercrime expert Gaurav Jachak said ransomware is not just a cyberattack – it is digital extortion, and strong cybersecurity is the only shield. “Such crimes are punishable under the IT Act and the BNS. It is important for victims to quickly report to the cyber police and keep all digital proof safe. People must also know that paying ransom is not the solution – it only encourages criminals. Companies should regularly back up their important data in a mirror image format on multiple devices to stay safe from such attacks.”
