The Society for Cyberabad Security Council (SCSC) confirmed that 50 IT companies in Hyderabad have been hacked in the past 10 days. An official of the cyber security forum said the hackers are of Pakistani origin and used proxy servers in Turkey, Somalia, and Saudi Arabia to launch these attacks. The proxy servers were moved every five minutes, but a team of ethical hackers managed to pinpoint the location of the actual attackers through the IP addresses, the port used and the network node. Information was acquired using ransomware and bitcoin viruses.
Hackers locked these IT companies' systems and demanded money in return for the decryption key. This ransomware has been in the news since August, and the Hyderabad Cyber Police are working on stopping these attacks. Most of the companies that were attacked are in the finance industry, so the data is crucial and should not fall into the wrong hands. At this time last year, 3 banks were hit by ransomware and 8000 bitcoins (approximately 5M USD) were demanded. The Cyber Police are asking all IT firms not to pay the ransom amount because there is no guarantee that the hacker will give the decryption key. Read more about Hyderabad Hit by Ransomware.
Umesh Thota, CEO of the Hyderabad security company Authbase Pvt Ltd, gave us insights into this situation. The point of entry for this virus is an email from an unknown user. Umesh says people open emails from unknown users when the email claims to be a job offer, a resume in response to a job posting, or other relevant information. The virus is in the email, which will ask you to enable macros to read it. When you enable macros, the code executes and a connection to the hacker is established.
Hackers can also infect users through websites, so websites should be designed with security in mind. Umesh further says that there are currently 9 active ransomware variants and that the hacking community has already cracked 6; the problem is that these keep evolving as well. Umesh also told us that the hackers will not download any data, since their location would be revealed. In August, when we first wrote about this ransomware, our investor's system was attacked. Be careful and secure your data.