Ransomware hits 150 PCs at Maha Mantralaya

A virus attack has affected close to 150 computers in Mantralaya in Mumbai, hitting the functioning of Maharashtra’s revenue and public works departments.

“When one tries to access these encrypted files, the system asks the user for lock key and then asks to pay for it in Bitcoins for granting access to the files,” he said.

He added that the virus is actually very dangerous for the world of finance and corporates, wherein data related to financial accounts and other sensitive information gets locked and the user is asked to pay for the access to own data.

“The virus begins to send spam emails using the official e-mail ID deceiving the user in opening it or its mail attachments allowing the virus to enter the system,”

According to Principal Secretary, Information Technology, Vijay Kumar Gautam, “Whether it is the Government of India or Maharashtra government, there is a rule to operate on official ID. Why should the employees use private ID, while conducting the government work?”

Maintaining that all central data of the entire government across departments was safe, he said, “The quick action taken by the IT department to detect the problems helped to save other systems from the virus attack.” However, the 150 computers will be subjected to forensic tests.

Gautam believes, “The Locky attack could be a case of mistaken identity. What could the hackers get from the state government?”

Ransomware

A type of malware that can be covertly installed on a computer without knowledge or intention of the user that restricts access to the infected computer system in some way, and demands that the user pays a ransom to the malware operators to remove the restriction.

Some forms of ransomware systematically encrypt files on the system’s hard drive, which become difficult or impossible to decrypt without paying the ransom for the encryption key, while some may simply lock the system and display messages intended to coax the user into paying.

Ransomware typically propagates as a Trojan, whose payload is disguised as a seemingly legitimate file; thus, ransomware is an access-denial type of attack that prevents legitimate users from accessing files.

Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back. Some ransomware encrypts files(called Cryptolocker). Other ransomware use TOR to hide C&C communications (called CTB Locker).

The ransom prices vary, ranging from $USD 24 to more than $USD 600, or even its bitcoin equivalent. It is important to note, however, that paying the ransom does not guarantee that users can eventually access the infected system.

Users may encounter this threat through a variety of means. Ransomware can be downloaded by unwitting users by visiting malicious or compromised websites. It can also arrive as a payload, either dropped or downloaded by other malware. Some ransomware are delivered as attachments to spammed email.

Once executed in the system, a ransomware can either (1) lock the computer screen or (2) encrypt predetermined files with a password. In the first scenario, a ransomware shows a full-screen image or notification, which prevents victims from using their system. This also shows the instructions on how users can pay for the ransom. The second type of ransomware locks files like documents, spreadsheets, and other important files.