[BreachExchange] WannaCry Ransomware locks down 200 computer systems in India

Destry Winant destry at riskbasedsecurity.com
Thu Aug 17 08:58:28 EDT 2017


https://www.gizbot.com/computer/news/wannacry-ransomware-locks-down-200-computer-systems-delhi-043397.html

If you recall, WannaCry ransomware had an adverse impact on many
businesses and organizations as it affected thousands of electronic
systems across the world.

The WannaCry ransomware program basically locked many users out of
their computers, and the criminals behind the cyber attack demanded a
ransom to be paid in Bitcoin to return access. While many were
affected across the globe, the attacks have since declined.

On the other hand, India has been among the many affected countries.
But the attack was limited to a few states, which included Andhra
Pradesh, Gujarat, Kerala and West Bengal. However, it seems that the
attack has made its way to a new state now.

According to a report by Indian Express, over 200 computers have now
been affected at Rachna Sagar Private Limited which is a publishing
firm in Delhi. The report notes that the attack was first initiated on
August 9 when the company's staff found that they were unable to log
into their user accounts, and could only use the "demo" account. On
investigation, the company found out that hackers had entered their
system and they had also posted a message demanding a ransom between
$800 and $1000 in bitcoin.

Employees at the publishing company reportedly used an accounting
software called "Busy" for work. Moreover, each employee had two
accounts for accounting transactions - a live account and a demo mode
one. Users generally used the live mode to conduct business. After the
hack, employees said that they could access only the demo mode and
that they have been unable to conduct business transactions.

As for the police, their sources have stated that it is difficult to
track the hackers as they hacked into the computer systems using a
proxy network.

The company's General Manager has stated, "This morning, when we
started our work and opened Busy software, we received a text message
which said our files are encrypted. The message said we have to pay
money to enable decryption of our files (sic)."

"The hackers have locked out their data since April. Employees have
not been able to conduct any business since the day of the cyber
attack. Their billing process has been delayed and they are even
scared to use net banking as they fear online payment systems may be
compromised," said the source while talking to Indian Express.

