Ransomware Attack on PTI: News Publishing Down For Several Hours

New Delhi: So far only big corporate houses were feeling threatened with high-tech ransomware attack but now cybercriminals are targeting big media outlets as well. The latest ransomware attack was carried out on India’s biggest news agency — Press Trust of India (PTI).

The news agency spokesperson has confirmed that it suffered an attack from ransomware called LockBit. It disrupted operations and the delivery of news to hundreds of subscribers across India for several hours before they were restored after an all-night effort by engineers.

PTI officials said that the attack took place around 10 PM on Saturday, infecting almost all the servers of India’s premier news agency. The virus encrypted all data and applications, forcing the stoppage of news delivery to PTI subscribers. The ransomware, through a computer screen message, demanded ransom to provide a key to decrypt it.

LockBit is one of several ransomware variants used for not only encrypting victims’ data but also for exfiltrating that data to extort targets into paying the ransom to avoid having the data released.

The origin of the virus is not known, and it was not clear if it was a malicious and deliberate attack or a random attack. LockBit is atypical in that it’s driven by automated processes for quick spreading across the victim network, identifying valuable systems and locking them up. LockBit avoids detection by many security tools, and it leaves a few forensic traces.

Cyber experts have warned that attacks have increased worldwide and India is becoming one of the favourite targets from the cybercriminals. Growing internet penetration and digitization of process in India have made it one of the biggest markets in the work and cybercriminals are trying hard to cash on this opportunity. A survey by cybersecurity firm Sophos highlighted that ransomware attacks have increased worldwide over the years, with 82 per cent of Indian companies surveyed saying they were hit by such attacks between January and June this year.

The 420 recently reported about massive ransomware attack on the server of Haldirams and Mithaas sweet. Cybercriminals not only stole the data but was demanding huge money to unlock the encrypted files. Earlier this week Indian drug major Dr Reddy’s Laboratories had to temporarily shutdown production across its key plants due to a major cyberattack on their digital infrastructure. They also isolated all data center services and are taking required preventive actions.