In early March, in the dead of the night, executives at a mid-sized pharmaceutical contract manufacturer in the US scrambled to make an SOS call to cyber professionals. The Indiana-based company had been targeted by a ransomware attack—hackers cut off access to the company’s data, demanding a ransom for it. If the company didn’t comply, the hackers threatened, the data would be leaked. 

The company lost access to its enterprise resource planning (ERP) servers, which host the massive application that integrates all processes required to run the business. The company didn’t have an efficient backup system either. Backups of data, ideally, need to be made as often as possible. In this case, the company’s backups were a month old. Losing control of ERP servers and the data contained within would bring the business to a crashing halt, impacting contractual obligations and possibly attracting regulatory action. 

The group behind the attack had Ukrainian links, and used a variant of the MedusaLocker MedusaLocker McAfee Threat Landscape Dashboard Read more malware to carry out the attack, said an executive who worked closely with the affected company and had knowledge of the incident. “The company paid close to US$100,000 to recover the ERP server data. Just when it thought the worst was over, a few days later, another server was encrypted and became inaccessible. Again, hackers threatened to sell data on the dark web,” the executive close to the company told The Ken

The company allegedly coughed up another US$20,000-30,000. The events went unreported. 

While the Indiana-based company had a costly escape, Mumbai-headquartered Navnit Group had bigger problems. On 21 April, Bengaluru-based employees of the automobile dealership noticed that something was amiss. 

Of the group’s 1,000 computers across 25 locations in the country, nearly half the systems couldn’t be accessed. The records of cars being serviced became inaccessible. “What really saved the company was the backup system in the disaster recovery site—which backs up data on a weekly basis,” an executive working closely with the company said. 

That, though, is where Navnit Group’s luck ended. The company had been hit hard by the pandemic. It was already struggling to pay salaries on time; it had no money to pay the ransom, said the executive.

Consequently, the hackers dumped the entirety of the stolen data in the public domain. According to claims made by the hacker group on the dark web, the data includes scans of passports and driver’s licences, financial documents, and corporate databases. The Ken could not independently verify the nature of the leaked data.

AUTHOR

Pratap Vikram Singh

Pratap is based out of Delhi and covers policy and myriad intersections with the other sectors, most notably technology. He has worked with Governance Now for seven years, reporting on technology, telecom policy, and the social sector.

View Full Profile

Read this story. Subscribe Now

This story is available across both editions. Subscribe to the one that’s most relevant for you. Questions?

Pick an edition

MOST POPULAR

Annual Subscription

12-month access to 200+ stories, archive of 800+ stories from our India edition. Plus our premium newsletters, Beyond The First Order and The Nutgraf worth Rs. 99/month or $2/month each for free.

Rs. 2,750

Subscribe
 

Quarterly Subscription

3-month access to 60+ new stories with 3-months worth of archives from our India edition. Plus our premium newsletters, Beyond The First Order and The Nutgraf worth Rs. 99/month or $2/month each for free.

Rs. 1,750

Subscribe
 

Single Story

Instant access to this story for a year along with comment privileges.

Rs. 500

Subscribe
MOST POPULAR

Annual Subscription

12-month access to 150+ stories from Southeast Asia.

$ 120

Subscribe
 

Quarterly Subscription

3-month access to 35+ stories from Southeast Asia.

$ 50

Subscribe
 

Single Story

Instant access to this story for a year along with comment privileges.

$ 20

Subscribe

Questions?

What is The Ken?

The Ken is a subscription-only business journalism website and app that provides coverage across two editions - India and Southeast Asia.

What kind of stories do you write?

We publish sharp, original and reported stories on technology, business and healthcare. Our stories are forward-looking, analytical and directional — supported by data, visualisations and infographics.

We use language and narrative that is accessible to even lay readers. And we optimise for quality over quantity, every single time.

What do I get if I subscribe?

For subscribers of the India edition, we publish a new story every weekday, a premium daily newsletter, Beyond The First Order and a weekly newsletter - The Nutgraf.

For subscribers of the Southeast Asia edition, we publish a new story three days a week and a weekly newsletter, Strait Up.

The annual subscription will get you complete, exclusive access to our archive of previously published stories for your edition, along with access to our subscriber-only mobile apps, our premium comment sections, our newsletter archives and several other gifts and benefits.

Do I need to pay separately for your premium newsletters?

Nope. Paid, premium subscribers of The Ken get our newsletters delivered for free.

Does a subscription to the India edition grant me access to Southeast Asia stories? Or vice-versa?

Afraid not. Each edition is separate with its own subscription plan. The India edition publishes stories focused on India. The Southeast Asia edition is focused on Southeast Asia. We may occasionally cross-publish stories from one edition to the other.

Do you offer an all-access joint subscription for both editions?

Not yet. If you’d like to access both editions, you’ll have to purchase two subscriptions separately - one for India and the other for Southeast Asia.

Do you offer any discounts?

No. We have a zero discounts policy.

Is there a free trial I can opt for?

We don’t offer any trials, but you can sign up for a free account which will give you access to the weekly free story, our archive of free stories and summaries of the paid stories. You can stay on the free account as long as you’d like.

Do you offer refunds?

We allow you to sample our journalism for free before signing up, and after you do, we stand by its quality. But we do not offer refunds.

I am facing some trouble purchasing a subscription. What can I do?

Please write to us at [email protected] detailing the error or queries.