The suspects have demanded the payment of a ransom in cryptocurrency; experts say old operating systems and lack of security software could have led to the attack
A ransomware attack is said to have encrypted certain sensitive documents of the Tamil Nadu Public Department since Friday morning. Some of the files encrypted relate to VIP visits, their programmes and related arrangements made by State Protocol officials, official sources said.
While the suspect has demanded payment of 1,950 USD in cryptocurrency as ransom for handing over the decryption code, cyber security experts from the Centre for Development of Advanced Computing (C-DAC) and Computer Emergency Response Team are trying to retrieve the encrypted documents, sources in the State Secretariat here told The Hindu on Saturday.
Soon after the ransomware attack, officials from the C-DAC, with whom the State Government’s Electronics Corporation of Tamil Nadu (ELCOT) has a tie-up for e-governance and cyber security management issues, inspected the desktop computers that displayed a message from the suspect demanding payment of ransom in cryptocurrency, the sources said.
Of the 12 desktop computers used at the particular section in the Public Department, about 8 were found to be operating on the Windows-7 Operating System which, cyber security experts said, was an outdated platform with little or no support from Microsoft. Because of this, the desktop computers had no security/software updates or anti-virus mechanism to prevent ransomware or other cyber attacks.
Though officials were trying to retrieve the content of files that remain encrypted from other sources, cyber security officials from the Tamil Nadu police who inspected the desktop computers said there was no compromise whatsoever on VIP security protocol or any other matter that could affect the routine functions of the State government.
“We need an effective IT security policy and First Responders in computer forensics to handle such situations. Use of outdated operating systems with no software updates and anti-virus protection remains a threat. The ransomware is click-based and could have landed in the form of a WhatsApp message (opened on a desktop computer), email, pop-up, etc.,” a senior official who is part of the investigation team said.
According to cyber experts, there has been an increase in ransomware attacks in recent times. Suspects operating from unknown locations often target prominent personalities and demand payment of ransom by claiming that they had access to sensitive personal data or websites visited by them.
“Even if a few respond and make payments, that’s good enough for the suspects. Awareness on cyber safe practices when it comes to internet usage and updated systems supported by secure networks is the key,” the official said, adding that a formal complaint would soon be lodged with the police.