A PUNE based multinational biopharmaceutical company was targeted in a ransomware attack in which the cyber criminals compromised and encrypted the critical data on their servers and demanded 80,000 USD for its decryption key. The attackers threatened to sell the proprietary data on the dark web if the ransom demand was not met, police said.
A probe in this regard was launched by the Cyber Crime Police station of Pimpri Chinchwad police after a senior executive of the biopharmaceutical company’s Pune office registered an FIR on Monday evening. The ransomware attack was reported on Sunday afternoon.
“Initial probe suggests that the ransomware might have infiltrated the organisation’s internal network by compromising an endpoint device like a computer, most likely via a phishing attack that delivered a malicious payload through a deceptive link. This happens when there are vulnerabilities in the security measures. Once inside the network, the attackers deployed ransomware to the company’s primary server and subsequently to over a dozen secondary servers. Then they encrypted the sensitive data on this network.” said an officer from Pimpri Chinchwad Cyber police station.
“The compromised data includes proprietary formulae and manufacturing processes of biopharmaceutical operations and confidential business information. Unfortunately the company has not backed up the majority of its sensitive data and faces the risk of losing it. The attackers have threatened to sell the data on dark web if the ransom demand of 80,000 USD (over Rs 68 lakh) is not met. The company has not paid the ransom. We have launched an investigation to trace the origin of the attack and will start working with the IP logs.” the officer added.
“We are appealing to companies and organisations to adopt robust protection protocols, keep their firewall configuration updated and regularly back up critical data offline to mitigate such risks in addition to all standard Cyber security mechanisms,” said the officer.
Deputy Commissioner of Police (Crime) with Pimpri Chinchwad police, Sandeep Doiphode said, “A probe has been launched in the case. It highlights the need for the companies to invest in up-to-date cyber security measures along with trained human resources in this area.”
Explaining the ransomware attack, an officer said, “In a ransomware cyber attack malicious software encrypts data of the target’s systems and prevents the users from accessing the said data. A demand for ransom is subsequently made in exchange for a decryption key or giving back the access. It has been observed that demand is often made in cryptocurrency because it is harder to trace. Ransomware is most of the time deployed through phishing emails, malicious links and by using the lacunae in cyber security measures of the company.”
