NEW DELHI: The investigation into the computer hack at Delhi’s AIIMS has pointed to the role of China-based hackers, sources said on Friday and confirmed the agencies’ initial suspicions. intelligence agency. Services remain affected at AIIMS and continue to be in manual mode.
TOI network experts talked that two groups of Chinese ransomware – ‘Emperor Dragonfly’ and ‘Bronze Starlight (DEV-0401)’ had targeted pharmaceutical organizations globally at the end of the year, but it is still working It is confirmed if the strains associated with these groups are behind the attack. Another suspicion is about a group called Life, which is considered a new variant of ransomware called WannaRen.
The investigation also revealed that the hackers may have started selling data on the dark web because their requests were not met, the source added. This raised concerns that confidential data of thousands of patients, including politicians, had been leaked. However, officials deny that any data has been compromised.
The investigation confirmed that five main servers were targeted by Chinese hackers, who then put it on the dark web. Cyber Cell of the Delhi Police said in a statement on Friday that mirror images of the affected servers have been sent to a lab for forensic analysis. Officials said AIIMS authorities and other agencies are in the process of restoring and restoring services.
In connection with reports of a ransom of Rs 200 crore in crypto being claimed by hackers, Delhi Police have issued a cryptic statement that AIIMS has made no ransom demands on them. However, Delhi Police have filed the FIR of extortion and cyber terrorism according to the complaint of AIIMS security officer.
The best from India Computer Emergency Response Team, Advanced Computer Development Center and National Informatics Center, in addition to the two intelligence agencies, managed to repair the damage caused by caused by ransomware. The sources said that the NIC electronic hospital database and application servers for the e-hospital have been restored on a large scale.
On Monday, about 1,200 systems and 20 servers were disinfected. An official said service restoration could continue until next week.
TOI network experts talked that two groups of Chinese ransomware – ‘Emperor Dragonfly’ and ‘Bronze Starlight (DEV-0401)’ had targeted pharmaceutical organizations globally at the end of the year, but it is still working It is confirmed if the strains associated with these groups are behind the attack. Another suspicion is about a group called Life, which is considered a new variant of ransomware called WannaRen.
The investigation also revealed that the hackers may have started selling data on the dark web because their requests were not met, the source added. This raised concerns that confidential data of thousands of patients, including politicians, had been leaked. However, officials deny that any data has been compromised.
The investigation confirmed that five main servers were targeted by Chinese hackers, who then put it on the dark web. Cyber Cell of the Delhi Police said in a statement on Friday that mirror images of the affected servers have been sent to a lab for forensic analysis. Officials said AIIMS authorities and other agencies are in the process of restoring and restoring services.
In connection with reports of a ransom of Rs 200 crore in crypto being claimed by hackers, Delhi Police have issued a cryptic statement that AIIMS has made no ransom demands on them. However, Delhi Police have filed the FIR of extortion and cyber terrorism according to the complaint of AIIMS security officer.
The best from India Computer Emergency Response Team, Advanced Computer Development Center and National Informatics Center, in addition to the two intelligence agencies, managed to repair the damage caused by caused by ransomware. The sources said that the NIC electronic hospital database and application servers for the e-hospital have been restored on a large scale.
On Monday, about 1,200 systems and 20 servers were disinfected. An official said service restoration could continue until next week.
