Ransomware group Stormous targeted and stole sensitive data from several Indian companies, including Cement Corporation of India Limited and New Delhi-based rental and services firm First Floppy, a new report by CloudSek shows.
The group has also claimed to have breached sensitive internal data belonging to private sector bank IDFC First and multinational industrial conglomerate Godrej Group; both breaches took place in January this year, according to CloudSek.
Services of the First Floppy website appeared to be functional and in working condition at the time of publishing of the report.
Ransomware is a specific strain of malware, or code written to breach a computer that’s connected to the internet. Using ransomware, hacking groups can block a user’s access to a single computer, or an organization’s access to its entire information technology (IT) infrastructure. Hacking groups have typically used ransomware to rake in financial gains, prompting companies around the world to look for ways to mitigate this threat with additional data backups, cyber insurance and managed security services.
Stormous, according to CloudSek, has also claimed to have hacked the source code of First Floppy’s website, and gained access to sensitive information. In previous cases, sporadic sources claimed that Stormous succeeded in stealing information such as bank statements and identification details from IDFC First, while similar internal data was also stolen from Godrej Group. For the latter, CloudSek said that the ransomware group demanded a payout of $700,000 (approx. Rs 5.5 crore).
Neither IDFC First nor Godrej Group issued any statements regarding the alleged breach.
Stormous is believed to be a pro-Russian ransomware group that has previously claimed to have stolen over 160GB of sensitive data from global beverages company Coca-Cola. The group had, in April, demanded a ransom of close to $65,000 in Bitcoin from anyone interested in buying the data dump from its dark web store.
While Coca-Cola said in April that it was investigating whether it had faced a data breach, cyber experts had raised questions regarding the veracity of Stormous’ claims. Many had suggested that the group might be exaggerating its claims, pointing to the considerably low price at which it was willing to sell the hacked data trove.
In India, ransomware attacks have seen an uptick in recent times. On May 27, Indian private airline, SpiceJet, acknowledged that it faced ransomware attacks that led to numerous flight delays and cancellations through the following day.
In an interview with Mint last month, N. Raman, chief information security officer (CISO) at public sector undertaking (PSU), Oil and Natural Gas Corporation (ONGC), said that an increasing demand to connect a company’s critical operational infrastructure – such as oil rigs for an oil exploration company – is leading to a naturally expected rise in cyber attackers looking to exploit this opportunity.
Numerous cyber security reports have also highlighted the same. In March this year, US-based cyber security firm Palo Alto Networks said that through last year, the volume of ransomware attacks on Indian companies tripled year-on-year – demonstrating the clear threat to data security that modern ransomware tools pose for enterprises that are increasingly digitizing their efforts.