Ahemdabad: When a team of experts from the National University of Forensic Sciences (NFSU) reviewed the ransomware file logs at a city hospital after a cyber attackthey were shocked: the file execution, which took place at 2 am, had been in the system quite a bit since March!
“The latest attack was found to be Phobos-class ransomware, which has been around since 2018 and is continually evolving. According to our information, in the past month, there have been two major attacks against hospitals and a major pharmaceutical company. Of the three cases, an FIR has been filed for only one,” said a senior cyber cell official.
“There could have been more such attacks, but companies are often afraid to report such incidents for fear of infamy and a change in the company’s security perception,” he added.
Sources familiar with the investigation said a delay cyber attack not uncommon, but fewer such cases have been reported in Gujarati until now.
“These tactics are used by attackers when they want to cover a very large ground and infect side systems. As seen in this case, even backup servers were infected. It is possible when the root directory is controlled by attackers and cyber security . does not detect the impending attack,” said a cyber security expert.
NFSU The sources said that while the system is up and running after a few days of the incident, the data decryption is still ongoing. In most cases, decryption poses a great challenge. The hospital administration has been advised to adopt cloud storage to guard against such incidents in the future.
Sunny Vaghela, chief executive of a city-based cybersecurity firm, said healthcare remains a major target for national and international hackers due to the huge database of hospitals and pharmaceutical companies keep.
“They often threaten to publish the data on the dark web or sell it for a price. Better safe than sorry, and here too, the demand for penetration testing is on the rise. Firewall breaches and delayed ‘payload’ activation of ransomware indicate that active cyber security measures remained ineffective. There could be many reasons for this, including pending system updates or the absence of real-time warnings,” Vaghela said.
“After educational institutions, the health sector is in the crosshairs of hackers, and after last year’s attacks on AIIMS and Safdarjung hospitals, the sector has drawn attention,” he added.
