Ransomware hits Goa Water Resource Department's flood monitoring system

The flood monitoring system in Goa, under the Water Resources Department (WRD), was reportedly hit by ransomware attackers, who have demanded a ransom in bitcoin, a cryptocurrency, in exchange for decryption of the WRD’s data.

The department stated in its complaint to the Cyber Crime Cell of Goa Police that all its files have been encrypted and can no longer be accessed. The attack was launched easily, due to the absence of antivirus and outdated firewalls in the system.

“The server has been attacked by some ransomware. All files are encrypted with an ‘eking extension’ and cannot be accessed. In a popup-and-stored file, the attackers have demanded bitcoin in exchange for decryption of the data,” the complaint filed by executive engineer Sunil Karmarkar on mentioned.

“The attack was carried out on June 21, 2022, between 12 am and 2 am. The integrity of the data has been altered, making it impossible to back up the previous data. The server works 24x7 on the internet line,” it added.

Also read: Indian companies in ransomware group’s radar, claims report

The complaint further stated that the data centre server in Panjim was storing data of the flood monitoring system at 15 locations on major rivers in Goa, to monitor flood levels in rivers as part of disaster preparedness and management. As a result of the hacking, the department can now no longer access its data related to battery voltages of different stations, data packets related to 12 stations, has lost all its old data which can now no longer be backed up locally, and has also lost real time data of the rivers currently in spate owing to the ongoing vigorous monsoon activity across the state.
While it is not known if the affected system is disabled, but investigators said that the breach is severe.

In recent months, a slew of cyber security attacks on critical infrastructure have alarmed the nation, as cybersecurity company Trellix Threat Labs observed a 70% increase in ransomware activity in India in the January-April quarter alone. The report also noted that over half of these threat activities originated from Chinese and Russian-backed groups like APT29 have continued to greatly increase their activity in 2022.

In April, Oil India's (OIL) system in Assam suffering a major cyber-attack, with hackers demanding $75,00,000 in crypto. In subsequent months, more attacks hit various government entities, including the Indian Embassy in Israel, National Institute of Agriculture Extension Management and the e-portal of the Indian Council of Agriculture Research, to name a few.

A Verizon Business 2022 Data Breach Investigations Report also mentioned an alarming rise in ransomware breaches globally, including India, which increased by 13% in the past one year, representing a jump greater than the past five years combined. The report added, while heightened geopolitical tensions are driving increased sophistication, visibility, and awareness around nation-state affiliated cyber-attacks, the emergence of Ransomware as a Service (RaaS) and the adoption of cryptocurrency could be a contributing factor as well.