Haldiram attacked by ransomware, attackers demand USD 7,50,000 ransom
Haldiram Foods was attacked by ransomware that encrypted all its files, data, applications, and systems. The attackers demanded a ransom of USD 7,50,000 to decrypt the data and give the company access to it again.
The complaint was filed on July 17 of this year, but an FIR was registered on Oct 14 by the cyber cell, making it the second recent case with such a delay by the cyber cell.
According to the FIR, on July 12 at 1:30 am the first problem was noticed with the server as some of the dispatch orders were held up.
The company's servers were hacked and encrypted by malware, and the hackers left a message stating that all the company's files, data, applications, and systems had been encrypted. They demanded a ransom of USD 7,50,000 to decrypt the data and systems and to delete all the stolen data from their end.
“That on receipt of the aforesaid information, senior manager (IT) Ashok Kumar Mohanty informed Aziz Khan, DGM (IT) to resolve the issue. However, on accessing the servers of the company, Mr. Aziz Khan, found out that all the servers of the company had been hacked and hit by a cyber-attack/malware popularly called as a Ransomware Attack. Upon becoming aware of the attack, officials reached the corporate office of the company situated at C-31, Sector-62, Noida at about 02:30 am to analyze the situation and resolve the same.
“That thus, in order to re-analyze and confirm the problem with the servers and to find a resolution, officials decided to call another IT official who consequently accessed the firewall program on the company's servers and found some traffic generating from servers, showing the following IP addresses i.e. 192.168.0.152 and 192.168.0.154. The officials of the company found out that some program was being executed on the aforementioned servers and all the data of the company was being diverted from and going out from the servers of the company. Therefore, the said program was immediately terminated by the officials along with the connectivity to all systems at branch locations of the company. However, it is apprehended that till the said disconnection was undertaken by the officials, maybe the entire or substantial data may have already been stolen from the servers. Thus, it is evident that the accused persons unauthorizedly entered the servers with intent to commit the offense of theft and extortion, thereby committing the offense of criminal trespass,” reads the FIR lodged under IPC sections 384 (extortion), 420 (cheating), and section 66 of the IT Act.
Aziz Khan, the company's DGM (IT) and the complainant in this case, said that the complaint was filed with the cyber cell in July but the FIR was registered two months later, by which time they had internally cleared the issue and got their data back.
“We had given a complaint to the cyber cell in July itself, but an FIR was lodged only after multiple rounds, that too two months later. We have restored all our data internally,” said Aziz Khan, DGM (IT).