REVIL IN INDIA – OIL INDIA UNDER RANSOMWARE ATTACK
The approach to cybersecurity in India has been one of lip service, giving the impression that everything is fine. At best it is treated as a compliance issue: a few checkboxes are ticked and that is the beginning and end of it. It has always been that way for these organisations, but the attackers now belong to a different league altogether and can pick off the lame ducks at will. While Colonial Pipeline and JBS were hit by ransomware, we blissfully believed that such things happen only on the other side of the globe. Now one of the deadliest ransomware gangs, REvil, has made its presence felt in India through the recent attack on Oil India Limited's field headquarters in Duliajan, Assam, where computers were locked out after the ransomware was deployed.
Nothing has been learnt from the infamous WannaCry and Petya (NotPetya) ransomware attacks of 2017; the second one certainly impacted critical infrastructure in India as well. In cybersecurity, those who refuse to learn are thrown out of their own systems. Huge ransoms were paid in the Colonial Pipeline and JBS attacks, and now a similar story is unfolding at Oil India. The reported demand of $7.5 million is in line with the ransom demands seen in comparable cases globally, so on the surface the stamp of a professional ransomware operation is clear. The ransomware hit the geology and reservoir department. Fortunately, the attack did not affect the systems connected to production and drilling. Though some servers and systems were impacted, more systems were shut down as a precautionary measure, and restoration work is on.
Critical infrastructure is the holy grail for ransomware operators: it yields returns running into millions of dollars. Behind every piece of critical infrastructure is a critical information infrastructure that makes it run the way it was designed to. Investment in, and understanding of, cybersecurity is abysmally low. Nobody is ready to accept the harsh reality that if we keep demanding a return on investment in cybersecurity, the eventual cost may be the decimation of the business itself. Establishing the real magnitude of an attack, its impact and the group behind it is not easy, and paying does not end the matter: by one estimate, a second attack after a ransom settlement has occurred in 36% of cases. How was the Oil India attack discovered? On January 12, 2022, Cyble Research Labs found a post on the popular cybercrime forum RaidForums "selling access to the domain network of Oil India Limited".
On April 20, 2022, Cyble reported that the attack was the handiwork of the REvil ransomware gang. REvil is a Russia-based ransomware-as-a-service (RaaS) operation that was supposedly dismantled by the Russian Federal Security Service (FSB) in January this year. While such gangs wreak havoc globally, we still lack cybersecurity capabilities, even within organisations that cannot imagine their operations being stalled. Given the present scenario, that is not a very distant possibility. Can CERT-In become the cyber equivalent of the NDRF (National Disaster Response Force)? That is the critical question. For now, Oil India has brought in cybersecurity experts to restore the network. "We have employed an international cyber security agency to devise a way to reboot and restore our systems. We are doing it in a phased manner and should be over in the next 4-5 days," said the Oil India PRO.
RANSOMWARE WILL BRING THE CRITICAL INFRASTRUCTURE ON ITS KNEES ONE DAY, IF WE KEEP TAKING IT LIGHTLY.