Hyderabad: At least 50 information technology companies have come under a wave of cyber attacks from Pakistan-based hackers over the past 10 days, the Society for Cyberabad Security Council (SCSC) comprising Hyderabad's top IT companies and police, said on Thursday.
The investigation into the cyber strikes which came to the notice of the council revealed how information was stolen using 'ransomware' and bitcoins were demanded to hand back the decryption keys. The Cyber Security Forum officials said Pakistani hackers have used servers in Turkey, Somalia and Saudi Arabia to launch attacks against companies. "A few of these attacks have been sorted out although the majority are still being tackled. It is a sudden spurt in ransomware attacks. Almost all the attacks in the last 10 days have originated from Pakistan," said Devraj Wodeyar, head, Cyber Security Forum under the Society of Cyberabad Security Council (SCSC).
While few establishments directly reported this to the SCSC, established to promote safety and security in the city's IT corridor, others came to the notice of the Council through private cyber security firms that have been approached by the hapless companies. Their names have been withheld due to security issues. The Cyberabad area along the western part of the Hyderabad houses an estimated 2,500 IT companies, including 1,300 big companies registered with the National Association of Software and Services Companies (NASSCOM). These companies cater to businesses across the globe, but the bulk of its clients are in the US and Europe.
Explaining the method of attacks, officials said the proxy servers were changed every five minutes, but somehow the ethical hackers team managed to nail the location of the actual attackers through IP addresses, the port used and the network node.
The news of attacks in Hyderabad comes days after a Pakistani hackers group recently claimed hacking 7,000 plus Indian websites as `revenge' against the surgical strikes carried out by the Indian Army in bordering areas earlier this month.
Most companies hit by cyber attacks in the city are ones dealing with finances. "Majority of these firms approached experts with complaints that their network transactions were not moving.When we investigated and went through the synopsis, we found them to be ransomware attacks launched from Riyadh," added Wodeyar.
One of the companies, whose entire data was locked out by hackers, was asked for 1 lakh bit coins (nearly Rs 420 crore) as ransom, reveal insiders.
Despite paying the amount, there is only a faint chance of retrieval of information, say experts. "While the amount demanded usually depends on the importance of the information that hackers get hold of, it is not necessary that the decryption keys will be returned even after paying the amount. In the majority of the cases, the decryption keys have not been returned," added Zaki Qureshey, cyber security expert and founder of cyber security academy E2 Labs Information Security Private Limited.
Following the massive attacks, the SCSC is drafting a `Ransomware Remediation Plan' to help companies with guidelines on what can be done post a ransomware attack.
The investigation into the cyber strikes which came to the notice of the council revealed how information was stolen using 'ransomware' and bitcoins were demanded to hand back the decryption keys. The Cyber Security Forum officials said Pakistani hackers have used servers in Turkey, Somalia and Saudi Arabia to launch attacks against companies. "A few of these attacks have been sorted out although the majority are still being tackled. It is a sudden spurt in ransomware attacks. Almost all the attacks in the last 10 days have originated from Pakistan," said Devraj Wodeyar, head, Cyber Security Forum under the Society of Cyberabad Security Council (SCSC).
While few establishments directly reported this to the SCSC, established to promote safety and security in the city's IT corridor, others came to the notice of the Council through private cyber security firms that have been approached by the hapless companies. Their names have been withheld due to security issues. The Cyberabad area along the western part of the Hyderabad houses an estimated 2,500 IT companies, including 1,300 big companies registered with the National Association of Software and Services Companies (NASSCOM). These companies cater to businesses across the globe, but the bulk of its clients are in the US and Europe.
Explaining the method of attacks, officials said the proxy servers were changed every five minutes, but somehow the ethical hackers team managed to nail the location of the actual attackers through IP addresses, the port used and the network node.
The news of attacks in Hyderabad comes days after a Pakistani hackers group recently claimed hacking 7,000 plus Indian websites as `revenge' against the surgical strikes carried out by the Indian Army in bordering areas earlier this month.
Most companies hit by cyber attacks in the city are ones dealing with finances. "Majority of these firms approached experts with complaints that their network transactions were not moving.When we investigated and went through the synopsis, we found them to be ransomware attacks launched from Riyadh," added Wodeyar.
One of the companies, whose entire data was locked out by hackers, was asked for 1 lakh bit coins (nearly Rs 420 crore) as ransom, reveal insiders.
Despite paying the amount, there is only a faint chance of retrieval of information, say experts. "While the amount demanded usually depends on the importance of the information that hackers get hold of, it is not necessary that the decryption keys will be returned even after paying the amount. In the majority of the cases, the decryption keys have not been returned," added Zaki Qureshey, cyber security expert and founder of cyber security academy E2 Labs Information Security Private Limited.
Following the massive attacks, the SCSC is drafting a `Ransomware Remediation Plan' to help companies with guidelines on what can be done post a ransomware attack.