Almost 50 IT companies have been under cyber attacks from Pakistan-based hackers over the past 10 days, the Society for Cyberabad Security Council (SCSC) told the media. Investigation revealed how information was stolen using ransomware and bitcoins were demanded for handing back the decryption keys. The Cyber Security Forum officials said Pakistani hackers have used servers in Turkey, Somalia and Saudi Arabia to launch attacks against companies. “A few of these attacks have been sorted out although majority are still being tackled. It is a sudden spurt in ransomware attacks. Almost all the attacks in the last 10 days have originated from Pakistan,” said Devraj Wodeyar, head, Cyber Security Forum under the Society of Cyberabad Security Council (SCSC).
A few establishments directly reported this to the SCSC, established to promote safety and security in the city’s IT corridor, others came to the notice of the Council through private cyber security firms that have been approached by the hapless companies. Their names have been withheld due to security issues. The Cyberabad area along the western part of the Hyderabad houses an estimated 2,500 IT companies, including 1,300 big companies registered with the National Association of Software and Services Companies (NASSCOM). These companies cater to businesses across the globe, but bulk of its clients are in the US and Europe.
Explaining the method of attacks, officials said the proxy servers were changed every five minutes, but somehow the ethical hackers team managed to nail the location of the actual attackers through IP addresses, the port used and the network node. The news of attacks in Hyderabad comes days after a Pakistani hackers group recently claimed hacking 7,000 plus Indian websites as `revenge’ against the surgical strikes carried out by the Indian Army in bordering areas earlier this month.
Most companies hit by cyber attacks in the city are ones dealing in finances. “Majority of these firms approached experts with complaints that their network transactions were not moving.When we investigated and went through the synopsis, we found them to be ransomware attacks launched from Riyadh,” added Wodeyar. One of the companies, whose entire data was locked out by hackers, was asked for 1 lakh bit coins (Rs.420 crore) as ransom, reveal insiders.