Digital Onslaught: Delhi Police Targeted
Incident Date: April 2, 2024
Overview
Title: Digital Onslaught: Delhi Police Targeted
Victim: Delhi Police
Attacker: Killsec
Location:
First Reported: April 2, 2024
Delhi Police Suffers Ransomware Attack
Profile and Significance
The Delhi Police is a large organization with a significant presence in the government sector. It is responsible for maintaining law and order in the capital city of India, which is home to a large population and a significant number of government offices and institutions. The organization's size and significance make it a high-value target for cybercriminals, who may seek to exploit vulnerabilities in its systems to gain access to sensitive information or disrupt its operations.
Vulnerabilities
The ransomware attack on the Delhi Police website highlights the vulnerabilities of government organizations to cyber threats. Ransomware attacks can cause significant disruption to an organization's operations, as they often involve encrypting data and demanding a ransom for its release. In the case of the Delhi Police, the attack may have affected their ability to access and manage sensitive information, potentially compromising the security of the data they hold.
Newcomer Ransomware Group KillSecurity
The emergence of the ransomware group known as KillSecurity presents a fresh and concerning threat. Utilizing a driver inspired by the iconic Bond franchise, the group employs sophisticated tactics to disable security suites and systematically encrypt data on compromised devices. KillSecurity's modus operandi begins with phishing emails aimed at stealing login credentials, which paves the way for disabling security programs and encrypting data. The group then demands a hefty ransom of 50 Bitcoin (equivalent to approximately $2 million), to be paid within a strict 72-hour window, with additional penalties accruing for each day of delay.
Analysts posit a potential link between KillSecurity and the older ransomware variant BlackMatter. With a track record of targeting both organizations and individuals, KillSecurity has wrought havoc through widespread cyber incidents and data breaches on a global scale.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.