A diagnostic centre in the national Capital was recently targeted by unknown hackers, who through a ransomware gained illegal access to its servers and encrypted the data.
They demanded ransom from the owner in the form of bitcoins to restore the data.
There has been a spurt in the use of ransomware by unscrupulous hackers to extort money from individuals and companies in the past few years. While a large number of cases were initially reported in the United States and European countries, according to cyber security experts, lakhs of computers are now getting infected by various versions of ransomware every year worldwide.
The hackers first encrypt the data of the computer user and then demand ransom in the form of bitcoin, to evade detection, to restore the data. The ransom amount is usually kept small to ensure that the victims pay up without taking to any legal recourse.
Complaint
Based on a complaint from the diagnostic centre, the Central Bureau of Investigation has registered a case under Section 384 (punishment for extortion) of the Indian Penal Code and Section 66 (computer related offences) read with Section 43 (damages and compensation for the offence) of the Information Technology Act.
The incident happened recently when computer operators at the diagnostic centre discovered that they were unable to access the data saved in the servers. The files when opened would just flash a message from the hackers: “Data is encrypted”.
Then the diagnostic centre received anonymous emails from the hackers demanding a ransom of $1,300 in the form of bitcoins.
Virtual crypto-currency
Bitcoin is a virtual crypto-currency that was invented in October 2008. One bitcoin is currently worth Rs.40,541. Several countries have not prohibited its use, some have come up with regulatory mechanisms for it, whereas several countries see it as a potential tool for money laundering operations, terror funding or other criminal activities.
RBI public advisory
In December 2013, the Reserve Bank of India issued a public advisory cautioning against transaction in virtual currencies like bitcoin. Days later, the Enforcement Directorate had conducted searches at the Ahmedabad office of a website dealing in virtual currency.
In April this year, alarmed by the rising incidents of ransomware attacks, the US’s Federal Bureau of Investigation issued a public advisory.
“Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted recently by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them,” said the statement.
The FBI said during 2015, law enforcement agencies had seen an increase in such cyber attacks, particularly against organisations as the payoffs were higher. “And if the first three months of this year are any indication, the number of ransomware incidents — and the ensuing damage they cause — will grow even more in 2016 if individuals and organisations don’t prepare for these attacks in advance,” said the advisory, recommending robust technical prevention controls.