The suspects demanded payment of a cryptocurrency ransom; experts say old operating systems and lack of security software could have led to the attack
A ransomware attack has reportedly encrypted some sensitive Tamil Nadu Public Department documents since Friday morning. Some of the encrypted files relate to VIP tours, their schedules and related arrangements made by state protocol officials, official sources said.
While the suspect demanded payment of $1,950 in cryptocurrency as a ransom for the delivery of the decryption code, cybersecurity experts from the Centre for Development of Advanced Computing (C-DAC) and the Computer Emergency Response team were attempting to recover the encrypted documents, sources at the Secretary of State here told The Hindu on Saturday.
Shortly after the ransomware attack, officials at C-DAC, with whom the state government’s Electronics Corporation of Tamil Nadu (ELCOT) has a connection for e-governance and cybersecurity management issues, inspected desktops that displayed a message from the suspect demanding payment of a cryptocurrency ransom, the sources said.
Of the 12 desktops used in the particular section of the prosecution, around 8 were running the Windows 7 operating system, which cybersecurity experts said was an outdated platform with little to no support from Microsoft. Because of this, the desktops did not have any security/software updates or anti-virus mechanisms to prevent ransomware or other cyber attacks.
Although officials were trying to recover the contents of the files that remain encrypted from other sources, Tamil Nadu Police cybersecurity officials who inspected the desktops said there had been no compromise on VIP security protocol or any other issue that may affect routine functions of the state government.
“We need an effective IT security policy and IT forensic first responders to handle such situations. Using outdated operating systems without software updates and virus protection remains a threat. The ransomware is click-based and could have landed in the form of a WhatsApp message (opened on a desktop), email, pop-up, etc.,” said a senior official who is part of the investigation team.
According to cyber experts, there has been an increase in ransomware attacks lately. Suspects operating from unknown locations often target prominent figures and demand ransom payments by claiming they had access to sensitive personal data or to websites they have visited.
“Even if a few respond and make payments, that’s enough for the suspects. Raising awareness of cybersecurity practices in using the internet and updated systems supported by secure networks is key,” the official said, adding that a formal complaint would soon be lodged with the police.