Haldiram attacked by ransomware, attackers demand USD 7,50,000 ransom


Haldiram Foods was hit by a ransomware attack that encrypted all of its files, data, applications, and systems. The attackers demanded a ransom of USD 7,50,000 to decrypt the data and restore the company's access to it.
The complaint was filed on July 17 of this year, but the FIR was registered by the cyber cell only on Oct 14, making it the second recent case of such a delay by the cyber cell.

According to the FIR, on July 12 at 1:30 am the first problem was noticed with the server as some of the dispatch orders were held up.

The company's servers were hacked and encrypted by malware and the hackers left the message that all their files, data, applications, and systems have been encrypted and demanded a ransom of USD 7,50,000 to decrypt the data and system and to delete all the stolen data from their end.

 “That on receipt of the aforesaid information, senior manager (IT) Ashok Kumar Mohanty informed Aziz Khan, DGM (IT) to resolve the issue. However, on accessing the servers of the company, Mr. Aziz Khan, found out that all the servers of the company had been hacked and hit by a cyber-attack/malware popularly called as a Ransomware Attack. Upon becoming aware of the attack, officials reached the corporate office of the company situated at C-31, Sector-62, Noida at about 02:30 am to analyze the situation and resolve the same. 

“That thus, in order to re-analyze and confirm the problem with the servers and to find a resolution, officials decided to call another IT official who consequently accessed the firewall program on the company’s servers and found some traffic generating from servers, showing the following IP addresses i.e. and 7. The officials of the company found out that some program was being executed on the aforementioned servers and all the data of the company was being diverted from and going out from the servers of the company. Therefore, the said program was immediately terminated by the officials along with the connectivity to all systems at branch locations of the company. However, it is apprehended that till the said disconnection was undertaken by the officials, maybe the entire or substantial data may have already been stolen from the servers. Thus, it is evident that the accused persons unauthorizedly entered the servers with intent to commit the offense of theft and extortion, thereby committing the offense of criminal trespass,” reads the FIR lodged under IPC sections 384 (extortion), 420 (cheating), and section 66 of the IT Act.

Aziz Khan, the company’s DGM (IT) and the complainant in this case, said that the complaint was filed with the cyber cell in July but the FIR was registered two months later, by which time the company had resolved the issue internally and recovered its data.

 “We had given a complaint to the cyber cell in July itself but an FIR was lodged only after multiple rounds that too, two months later. We have restored all our data internally,” said Aziz Khan, DGM (IT).

How a loyal employee saved Tesla from a Russian $1 million malware attack

As Justin Richards said, "heroes can be found in the most unlikely places. Perhaps we all have it within us to do great things..." This tale of extortion, bribery, and a planned attack shows how a loyal employee saved Tesla from a $1 million malware attack.

In early August, a Tesla employee was offered 1 million dollars to act as an insider threat and plant malware in Tesla's Nevada factory. Had the conspiracy succeeded, it could have cost the company millions.

According to the US Justice Department indictment, Egor Igorevich Kriuchkov, a 27-year-old Russian, came to the United States in July and started messaging an employee of the sustainable technology company whom he had met years earlier. The employee, a Russian emigrant, and Kriuchkov met at a Reno-area bar, where the idea of infiltrating Tesla's network was first pitched to the employee. He would get $500,000 to open a malicious email, or $1 million in cash or Bitcoin for introducing malicious files via USB.

The employee, however, reported the miscreant to the company, and the US Federal Bureau of Investigation soon got involved. The FBI and the unnamed employee worked undercover to uncover Kriuchkov's whole scheme, in which an insider would infect the whole network with ransomware and, if Tesla didn't pay the ransom, its data would be publicly released on the Internet.

The conspirator, Egor Igorevich Kriuchkov, was arrested on 22 August while driving from Reno to Los Angeles, where he was to catch a flight to flee the country. After the arrest, he was presented to the court on Monday. Two other suspected conspirators have been identified as Kisa and Pasha (nicknames).

Elon Musk tweeted Thursday night, "This is a serious attack", in response to Tesla's blog post. The attacker did confess that his gang has been working on similar attacks on other companies, but the plan against Tesla could have been about more than money; it could have been a plan to obtain the company's high-end sustainable tech, manufacturing, and chemistry. The attack has not yet been revealed to be tied to the Russian Government.