The strange case of the cyber attack on AIIMS by unknown hackers has been linked to a neighboring country of India, as agencies have found an IP address from there, though officials claim it could be false as it was bounced through a VPN.
“It is suspected that the ransomware landed in the system a few months back and collected the data. Later, the hackers ran code to encrypt the main interface and back-up servers as well. These servers contained all the patient data that AIIMS collects for various purposes. It is also suspected that the hackers entered through a link that was sent to a gaming or similar site and was clicked by one of the employees,” a senior official told News18.
According to a source, the hackers encrypted the servers and demanded a ransom to decrypt them. Delhi Police and AIIMS have not denied the development, and since day one the premier hospital has termed it ‘ransomware’.
Officials said the reason the experts took time was that the hackers had infected not only the main server but also the systems of other AIIMS centers in Delhi.
Asked how the hackers got in, an official said: “It was like entering an open field. Anyone can enter (any system) from anywhere. The hackers entered from the primary server and so on. They went into the back-up servers and encrypted them so that no one except them could access the data. That’s why the services were shut down because all those servers had data.”
The official also said that the primary IP address accessed by the Indian agency is from a neighboring country, but it could be to fool the agencies.
“The IP addresses accessed by Indian agencies are bounced by Virtual Private Networks (VPNs). It appears that a secure VPN was used and bounced to change the IP address so that the agencies could not access the real server immediately.”
According to sources, apart from the Delhi Police, officials from the Ministry of Home Affairs, the Ministry of External Affairs and the Ministry of Electronics and Information Technology have already been roped in. The National Investigation Agency (NIA), the Central Bureau of Investigation (CBI) and the Intelligence Bureau have also been appointed to investigate the cyber attack on India’s premier medical institution.
A meeting, in which all investigative and intelligence agencies took part, was called by the Ministry of Home Affairs on Tuesday evening to discuss the incident. Sources said other institutions also have similar lapses and have been asked to take action to prevent such attacks.
Hackers' IP address in AIIMS ransomware attack belongs to a neighbor of India, role of insider will be probed