The Insurance Information Bureau of India (IIB) has reported a ransomware attack to the Cyberabad police, stating that hackers from Russia encrypted their data and demanded a ransom of $250,000 in bitcoins to restore access.
The attack, which occurred on April 2, resulted in the encryption of the IIB’s server data, making it inaccessible to the agency. It is suspected that most of the data is still in the hands of the cyber attackers, and the extent of the damage is currently being assessed.
During an internal cyber forensic audit, IIB officials discovered that around 30 server systems had been compromised, and the attackers had encrypted the database files.
The compromised data includes confidential information, and the accounts of the system administrator, database administrator, and 11 other accounts were also compromised. The attack was traced back to a Russian IP address, and a ransom note with contact details was left by the threat actor.
Although IIB officials engaged in communication with the ransomware attacker, they did not pay the ransom. The agency has backups of sensitive data, allowing day-to-day operations to continue.
While some of the encrypted data is critical, IIB officials are not in a desperate situation. After spending time understanding the severity of the attack and attempting to restore the encrypted data, IIB officials finally lodged a formal police complaint to initiate an investigation into the incident. The specific nature of the encrypted data is yet to be identified.