In early March, in the dead of the night, executives at a mid-sized pharmaceutical contract manufacturer in the US scrambled to make an SOS call to cyber professionals. The Indiana-based company had been targeted by a ransomware attack—hackers cut off access to the company’s data, demanding a ransom for it. If the company didn’t comply, the hackers threatened, the data would be leaked.
The company lost access to its enterprise resource planning (ERP) servers, which host the massive application that integrates all processes required to run the business. The company didn’t have an efficient backup system either. Backups of data, ideally, need to be made as often as possible. In this case, the company’s backups were a month old. Losing control of ERP servers and the data contained within would bring the business to a crashing halt, impacting contractual obligations and possibly attracting regulatory action.
The group behind the attack had Ukrainian links, and used a variant of the MedusaLocker malware to carry out the attack, said an executive who worked closely with the affected company and had knowledge of the incident. “The company paid close to US$100,000 to recover the ERP server data. Just when it thought the worst was over, a few days later, another server was encrypted and became inaccessible. Again, hackers threatened to sell data on the dark web,” the executive close to the company told The Ken.
The company allegedly coughed up another US$20,000-30,000. The events went unreported.
While the Indiana-based company had a costly escape, Mumbai-headquartered Navnit Group had bigger problems. On 21 April, Bengaluru-based employees of the automobile dealership noticed that something was amiss.
Of the group’s 1,000 computers across 25 locations in the country, nearly half the systems couldn’t be accessed. The records of cars being serviced became inaccessible. “What really saved the company was the backup system in the disaster recovery site—which backs up data on a weekly basis,” an executive working closely with the company said.
That, though, is where Navnit Group’s luck ended. The company had been hit hard by the pandemic. It was already struggling to pay salaries on time; it had no money to pay the ransom, said the executive.
Consequently, the hackers dumped the entirety of the stolen data in the public domain. According to claims made by the hacker group on the dark web, the data includes scans of passports and driver’s licences, financial documents, and corporate databases. The Ken could not independently verify the nature of the leaked data.