Indian Society for Cyberabad Security Council (SCSC) has declared that in the past 10 days Pakistani hackers have defaced their 50 IT companies from Hyderabad, India.
Apparently these hackers were reported to be Pakistani who initiated the attack by using proxy servers. These proxy servers were used in Turkey, Somalia and Saudi Arabia. In order to find the felon ethical hackers, a team was set up by cyber security forum officials. The team tracked the location of the hackers through IP address and reported that proxy servers were moved every 5 minutes. Ransomware and bitcoins viruses were used to gather the information.
The hackers blocked the system of the IT companies and demanded money in return for the decryption code. Most of the companies that they hacked were the finance companies. These companies have very crucial data stored with them.
This event is not the first of its kind in India. In 2015, three banks were also attacked in the same manner. In this attack, the hackers demanded 8000 bit coins (worth almost $5M). Indian cyber police have doubt that the decryption code may not even exist so they advised not to pay the ransom.
Description of the attack
CEO of Hyderabad Security Company Authbase Pvt Ltd, Umesh Thota reported that this incident took place when the office staff opened their emails. These particular emails had virus in them which caused the chaos.
In such attacks, the emails contain functions that need a user to establish a connection with the hacker. To make that happen, the hackers made attractive emails that were usually offering lucrative job or a response to a job application.
At this time 9 ransomware variants are active, Umesh Thota reported. He also said that since downloading the data will give up their location, hackers are avoiding it.
Recently, Pakistani hackers also forced Indian pilots to listen ‘Dil Dil Pakistan’ at the time of landing near LoC.