In the past ten days, 50 IT companies in Hyderabad, India, have been hacked by Pakistanis, the Indian Society for Cyberabad Security Council (SCSC) confirmed.
It was revealed that the hackers allegedly belong to Pakistan and used proxy servers in Turkey, Somalia and Saudi Arabia to initiate the attacks. A Cyber Security Forum official also stated that a team of ethical hackers was set up to locate the culprits. The team found that the proxy servers changed every five minutes, but the location of the attackers was pinpointed through their IP address. Information was acquired using ransomware and bitcoin viruses, he reported.
The hackers allegedly locked the IT companies' systems and demanded money in return for the decryption keys. The majority of the companies targeted are financial companies, implying their data is crucial.
This is not the first time India has seen such an event unfold. Last year, three banks were also hacked in a similar fashion. The hackers demanded 8000 bitcoins (approximately 5M USD). The Indian cyber police have advised against paying the ransom, as there is no assurance that the decryption key even exists in the first place.
About The Attack
The mayhem unfolded after people using the company's computers opened emails which contained the virus, said Umesh Thota, CEO of Hyderabad Security Company Authbase Pvt Ltd.
In attacks such as these, the emails contain macros which the user must enable before a connection to the hacker is established. For that reason, the hackers make sure to use appealing subjects for the emails, such as job offers or a response to a job application.
Umesh Thota also reported that there are 9 ransomware variants currently active. He said that the hackers are not able to download any data, since doing so would compromise their location.