InfoSecBulletin Cybersecurity for mankind
Indian Pimpri Chinchwad police’s cyber cell is looking into a complaint where a hacker demanded $80,000 (over Rs 68 lakh) from a biopharmaceutical company in Hinjewadi to release encrypted data he had stolen.
A senior employee contacted the police on Monday following a threatening email received on April 27. A case has been filed under section 308 of the Bharatiya Nyaya Sanhita, and sections 43, 66, and 72 of the Information Technology Act.
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
Police sub-inspector Sagar Poman stated that this is a ransomware attack. Initial investigations showed that a cybercriminal sent a harmful email to an employee, which allowed access to one of the company’s 15 servers.
The hacker got access to all of them.” The hacker then started copying the data, Poman said. “By the time the employees realised what was happening, the hacker had copied the entire data, encrypted it, and put a password on it.”
Poman said the hacker sent emails to company officials seeking $80,000 within three days. “He also threatened that if the company tried to decrypt the data, they would lose it within 24 hours. The cybercrook also said that if the money was not transferred to him, he would sell the data on the dark web.”
For the last two days, the company’s operations have stopped, the police officer said. “We will record statements of about 300 employees.”
Times of India reported, Rohan Nyayadish, director of Digital Task Force, too called it a case of ransomware attack in which data of a company is either stolen or compromised due to un-updated firewalls or online security measures. “Firms must follow security audit norms issued by Central govt on April 1 and they should spend money on insuring their data and research.”
The cyber criminals steal data or programmes of a company after targeting its servers, Nyayadish further said. “Cyber criminals generally demand ransoms via cryptocurrencies. Companies should not pay it and report the matter to the police; experts can retrieve the data.”
Advocate and cybercrime expert Gaurav Jachak said ransomware is not just a cyberattack – it is digital extortion, and strong cybersecurity is the only shield. “Such crimes are punishable under the IT Act and the BNS. It is important for victims to quickly report to the cyber police and keep all digital proof safe. People must also know that paying ransom is not the solution – it only encourages criminals. Companies should regularly back up their important data in a mirror image format on multiple devices to stay safe from such attacks.”
