Digital Onslaught: Delhi Police Targeted

Incident Date:

April 2, 2024

World map

Overview

Title

Digital Onslaught: Delhi Police Targeted

Victim

Delhi Police

Attacker

Killsec

Location

New Delhi, India

New Delhi, India

First Reported

April 2, 2024

Delhi Police Suffers Ransomware Attack

Profile and Significance

The Delhi Police is a large organization with a significant presence in the government sector. It is responsible for maintaining law and order in the capital city of India, which is home to a large population and a significant number of government offices and institutions. The organization's size and significance make it a high-value target for cybercriminals, who may seek to exploit vulnerabilities in its systems to gain access to sensitive information or disrupt its operations.

Vulnerabilities

The ransomware attack on the Delhi Police website highlights the vulnerabilities of government organizations to cyber threats. Ransomware attacks can cause significant disruption to an organization's operations, as they often involve encrypting data and demanding a ransom for its release. In the case of the Delhi Police, the attack may have affected their ability to access and manage sensitive information, potentially compromising the security of the data they hold.

Newcomer Ransomware Group KillSecurity

The emergence of the ransomware group known as KillSecurity presents a fresh and concerning threat. Utilizing a driver inspired by the iconic Bond franchise, this group employs sophisticated tactics to disable security suites and encrypt data on compromised devices systematically. KillSecurity's modus operandi begins with phishing emails aimed at pilfering login credentials, paving the way for the disabling of security programs, encryption of data, and the demand for a hefty ransom of 50 Bitcoin (equivalent to approximately $2 million) to be paid within a strict 72-hour window, with additional penalties accruing for each day of delay.

Analysts posit a potential link between KillSecurity and the older ransomware variant BlackMatter, hinting at a possible connection between the two groups. With a track record of targeting both organizations and individuals, KillSecurity has wrought havoc through widespread cyber incidents and data breaches on a global scale.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.