Cybersecurity NewsNews

Insurance Information Bureau Of India(IIB) Faced Ransomware Attack

Loading

The Insurance Information Bureau of India (IIB) reportedly notified police about a cyberattack from Russia that encrypted their data through a ransomware attack and requested $250,000 worth of Bitcoin to rectify the encryption.

Official Investigation to Identify Hacker’s Identity

On April 2, the independent body that manages a depository of insurance-related data in India observed that staffs failed to log into their office network and a successive investigation showed a ransomware attack.

As a result, the agency’s operators failed to access important databases as the hackers encrypted them.

Upon internal examination by the cyber forensics team, IIB officials found that the threat actors breached and encrypted roughly 30 server systems and database files in them.

Subsequently, official police sources claimed that the servers the hackers dealt with were some of the firm’s confidential data. AThe breach also affected system administrators and database administrators with 11 other accounts.

Insurance Information Bureau Of India Officials Laid Formal Complaints

Between March 30 and April 3. Police officials pinpoint an exfiltration of 16GB of data from firewall logs. Data exfiltration indicators recorded that the invasion was from a Russian IP address.

Furthermore, the hacker left a ransom note specifying the contact details, shortly after IIB officials commenced a conversation with the hackers through an email they demanded a ransom of Bitcoins equivalent to $250,000.

Notably, IIB officials did not pay any ransom, although the data is still under the captivity of the hackers. It appears there is a backup of sensitive data which in effect has helped in resuming the day-to-day business operations.

An accurate complaint is mandatory in such situations, and IIB officials conclusively divulged details of conversations with hackers to the police.

Sources claimed that Police officials are now trying to identify the threat actor’s identity and the kind of data has been encrypted that could likely be publicized by hackers.