Indore: Pharma Laboratory Hit By Ransomware Attack, Encrypted All Data And Demanded A Ransom For Restoration

Indore (Madhya Pradesh): A city-based pharmaceutical laboratory company allegedly fell victim to a ransomware attack in which unidentified hackers breached the company’s server, encrypted all its data and demanded a ransom for its restoration.

The breach came to light when the company’s IT in-charge discovered that the entire system was locked and all data was inaccessible. A message appeared on the main server’s screen stating, “Your data has been stolen. If you don’t pay the ransom, your data will be published.” Two email addresses were also displayed.

According to the police, Vishal Tiwari, the General Manager (GM) of Choksi Laboratories Limited, lodged a complaint stating that on May 22, the officer in charge of the company's IT department, Nitin Khore, informed him that none of the systems were functioning. The entire system was locked, and it appeared that an unknown person had hacked the company’s main server. A message in English was displayed on the server screen saying, “Your data has been stolen. If you do not pay the ransom, then your data will be published by me.”

ProtonMail and CockMail IDs—MichaelEhoseal1982@cock.li and MichaelEhoseal1982@protonmail.com—were shared in the message. It is suspected that the user of these IDs was responsible for hacking the company’s main server.

Police registered a case against the unidentified accused under section 308(2) of the BNS and section 65 of the IT Act. Further investigation is underway.

Ransomware malware can hide itself within files and memory to avoid detection

Additional DCP (Crime Branch) Rajesh Dandotiya said that a ransomware attack is a dangerous form of cyber-attack wherein cybercriminals use malicious software to encrypt a victim’s data, rendering it inaccessible, and demand a ransom in exchange for the decryption key.

The ransomware can conceal itself within files and memory to evade detection, making it difficult to trace. In this case, the cybercriminal locked the data using the malware and took control of the server, demanding a ransom to unlock it.