A ransomware attack has encrypted certain sensitive documents of the Tamil Nadu Public Department. Some of the encrypted files relate to VIP visits, their programmes and related arrangements made by State Protocol officials, official sources said.

The suspect has demanded payment of 1,950 USD in cryptocurrency as ransom for handing over the decryption code. Experts from the Centre for Development of Advanced Computing (C-DAC) and the Computer Emergency Response Team are trying to retrieve the encrypted documents.

Officials from the C-DAC, with whom the State Government’s Electronics Corporation of Tamil Nadu (ELCOT) has a tie-up for e-governance and cyber security management issues, inspected the desktop computers that displayed a message from the suspect demanding payment of ransom in cryptocurrency.

Of the 12 desktop computers used at the particular section in the Public Department, about 8 were found to be operating on the Windows 7 operating system, which was an outdated platform with little or no support from Microsoft. Because of this, the desktop computers had no security/software updates and no anti-virus mechanism to prevent ransomware or other cyber attacks.

Though officials were trying to retrieve the content of files that remain encrypted from other sources, cyber security officials from the Tamil Nadu police who inspected the desktop computers said there was no compromise whatsoever on VIP security protocol or any other matter that could affect the routine functions of the State government.

An effective IT security policy and first responders in computer forensics are required to handle such situations. Use of outdated operating systems with no software updates and anti-virus protection remains a threat. The ransomware could have landed through a phishing-type attack; clicking the link could be the reason.