The trend of cyber attacks and ransom demands saw a brief lull after the COVID lockdown of June 2021. The laxity that has since set in across IT systems worldwide has made the proposition far more attractive to state and non-state actors. The critical infrastructure of every nation is the first to be targeted. Machiavellian elements do this both to gain notoriety and to ensure that 'big money' flows to the attacker.
As reported in the media, a First Information Report (FIR) has been filed under various sections of the Indian Penal Code (IPC) and the Information Technology (IT) Act, 2000, based on complaints by officials of Oil India Limited (OIL), after a cyber attack infected certain computer systems of the company. International hackers are reported to have hijacked OIL's main computer system, and apprehensions are high that key information and other data may be at risk.
The hack on Colonial Pipeline Limited in the US in May 2021 is seen as one of the most significant attacks on critical national infrastructure in history. Because the business of the oil and gas pipeline in the US is largely driven by automated processes, the organisation's internal network was seen as its most vulnerable point; once that network is targeted by a cyber attack, the pipeline itself becomes vulnerable to malicious attacks.
India, with its vast population, is among the developing countries adopting technology and IT-enabling its infrastructure and processes most rapidly, especially its critical infrastructure. Section 70 of India's Information Technology Act (IT Act) provides an additional layer of protection under the law. Under these provisions India also maintains the National Critical Information Infrastructure Protection Centre (NCIIPC), an organisation of the Government of India created under Section 70A of the Information Technology Act, 2000 (amended 2008) and based in New Delhi. The NCIIPC has been designated the National Nodal Agency for the protection of the country's Critical Information Infrastructure. It is a unit of the National Technical Research Organisation (NTRO) and therefore comes under the Prime Minister's Office (PMO). The mission of NCIIPC is “To take all necessary measures to facilitate protection of Critical Information Infrastructure, from unauthorized access, modification, use, disclosure, disruption, incapacitation or distraction through coherent coordination, synergy and raising information security awareness among all stakeholders.”
The Oil India Limited (OIL) Ransomware Attack
A recent news report states that Oil India Limited (OIL) has fallen prey to a cyber attack: its headquarters at Duliajan, India, was hacked and ransomware was inserted into the computer system. The attacker has placed a demand for $75 million USD (roughly Rs 571 crores) in Bitcoin. The attack has also caused additional loss, as business has been seriously affected through the IT system, Oil India's Manager for Security Sachin Kumar said in the police complaint. The attack appears to have been planned and well executed, carried out after extensive reconnaissance. It was only detected on 11 Apr 2022, when a note demanding a ransom of $7.5 million USD was prompted from a local computer. It is obvious that the OIL systems, including servers, the network, and other related services of the company, have been affected. Certain traces suggest that the attacker completed the attack on the systems and the encryption activity on 10 Apr 2022.
A senior Assam Police official was quoted by PTI as saying that they had registered a case under various sections of the IPC and IT Act. Oil India spokesperson Tridiv Hazarika told PTI that the company is working to repair the systems in phases, but that it will take time. “Our online systems are down and we are working offline. The drilling and production work has been unaffected. The data are being saved offline now and it will be uploaded later when the IT system will run again,” Hazarika was quoted as saying.
It is also reported that all computers and IT systems have been shut down to safeguard against further spread of the cyber attack, and that the team at OIL has roped in outside agencies to deal with the crisis.
What is a Ransomware Attack?
A ransomware attack is a technique in which the attacker makes an intrusion and uses software to encrypt the victim's data; recovery is either through a key provided by the attacker or through intelligent methods by the organisation/victim that can recover deleted or encrypted files in the IT systems. During a ransomware attack, the malware deletes the actual files and replaces them with encrypted replicas. This gives the victim a chance to retrieve the lost data using data recovery software.
Steps in a Typical Ransomware Attack
The typical steps in a ransomware attack are:
- Infection: After being delivered to the system via an email attachment, a phishing email, an infected application or another method, the ransomware installs itself on the endpoint and on any network devices it can access.
- Secure Key Exchange: The ransomware contacts the command-and-control server operated by the cybercriminals behind the attack to generate the cryptographic keys to be used on the local system.
- Encryption: The ransomware starts encrypting any files it can find on local machines and the network.
- Extortion: With the encryption work done, the ransomware displays instructions for extortion and ransom payment, threatening destruction of data if payment is not made.
- Unlocking: Organisations can either pay the ransom and hope that the cybercriminals actually decrypt the affected files, or they can attempt recovery by removing infected files and systems from the network and restoring data from clean backups. (Unfortunately, negotiating with cyber criminals is often a lost cause: a recent report found that 42% of organisations that paid a ransom did not get their files decrypted.)
How can ransomware attacks be prevented?
Effective ransomware prevention requires a combination of good monitoring applications, frequent file backups, anti-malware software, and user training. Although no cyber defence eliminates risk completely, these measures greatly limit the chance that attackers will succeed.
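The Encryption and Extortion steps listed above, and the "good monitoring applications" this paragraph calls for, can be turned into a concrete host-side detection. The following added example (not part of the original article, and not OIL's or any vendor's code) runs two heuristics over a constructed file-system event log: a burst of delete-and-replace pairs where a file reappears with a new extension, which is the replacement pattern the article describes, and the same note file being dropped into several directories. Event tuples, thresholds, process ids and paths are all assumptions for illustration.

```python
import os
from collections import defaultdict
WINDOW_S = 60.0        # sliding window for correlating events
BURST_THRESHOLD = 5    # replaced files per process per window before alerting
NOTE_DIRS = 3          # same file name dropped into this many directories
# An event is a tuple (ts_seconds, pid, op, path) with op "delete" or "create".

def find_replacements(events):
    """(ts, pid, original) for each 'delete X, create X.<ext>' pair by one pid within
    WINDOW_S: the delete-and-replace pattern the article describes."""
    deletes = {(pid, path): ts for ts, pid, op, path in events if op == "delete"}
    hits = []
    for ts, pid, op, path in events:
        base, ext = os.path.splitext(path)
        t = deletes.get((pid, base)) if op == "create" else None
        if ext and t is not None and abs(ts - t) <= WINDOW_S:
            hits.append((max(ts, t), pid, base))
    return sorted(hits)

def burst_alerts(events):
    """pid -> max replacements in one WINDOW_S window, for pids reaching BURST_THRESHOLD."""
    times = defaultdict(list)
    for ts, pid, _ in find_replacements(events):
        times[pid].append(ts)
    alerts = {}
    for pid, ts_list in times.items():
        start = 0
        for end in range(len(ts_list)):
            while ts_list[end] - ts_list[start] > WINDOW_S:
                start += 1
            if end - start + 1 >= BURST_THRESHOLD:
                alerts[pid] = max(alerts.get(pid, 0), end - start + 1)
    return alerts

def ransom_note_alerts(events):
    """pid -> file name created in >= NOTE_DIRS directories (the Extortion step)."""
    dirs = defaultdict(set)
    for _, pid, op, path in events:
        if op == "create":
            d, name = os.path.split(path)
            dirs[(pid, name)].add(d)
    return {pid: name for (pid, name), ds in dirs.items() if len(ds) >= NOTE_DIRS}

# Constructed sample log: pid 1001 is a benign editor save (same name, no new
# extension); pid 4242 simulates the burst plus a note file in three directories.
SAMPLE_EVENTS = [(0.0, 1001, "delete", "/home/u/draft.docx"), (0.5, 1001, "create", "/home/u/draft.docx")]
SAMPLE_EVENTS += [(10.0 + i, 4242, "delete", f"/srv/share/d{i % 3}/f{i}.xlsx") for i in range(6)]
SAMPLE_EVENTS += [(10.2 + i, 4242, "create", f"/srv/share/d{i % 3}/f{i}.xlsx.locked") for i in range(6)]
SAMPLE_EVENTS += [(20.0 + i, 4242, "create", f"/srv/share/d{i}/HOW_TO_RECOVER.txt") for i in range(3)]
```

On the sample log the benign save produces no alert, while pid 4242 trips both heuristics; in practice the thresholds would be tuned against a baseline of normal file activity, and an alert would feed the shutdown-and-isolate response the article describes OIL taking.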
About Oil India Limited (OIL)
Oil India Limited (OIL) is a fully integrated exploration and production company in the upstream sector, with origins dating back to 1889, the glorious year of oil discovery in India. A Navratna company, OIL is a state-owned enterprise of the Government of India under the administrative control of the Ministry of Petroleum and Natural Gas, and is the second largest national oil and gas company in India. The company operates a 1157 km long crude oil pipeline in the North East for transportation of crude oil produced by both OIL and ONGCL in the region, feeding the Numaligarh, Guwahati, Bongaigaon and Barauni refineries, with a branch line feeding the Digboi refinery. Besides its crude oil trunk pipeline, OIL has also commissioned a 660 km long product pipeline from Numaligarh Refinery to Siliguri.