NEW DELHI: The investigation into the incident of hacking of computers at Delhi’s AIIMS has pointed towards the role of China-based hackers, sources said on Friday and confirmed the initial suspicion of intelligence agencies. The services are still impacted at AIIMS and continue to be in manual mode.
Cyber experts TOI spoke with said that two Chinese ransomware groups – ‘Emperor Dragonfly’ and ‘Bronze Starlight (DEV-0401)’ had been targeting pharma institutions across the globe of late, but it was still being confirmed if strains associated with these groups were behind the attack. Another suspicion is on a group named Life, which is being considered a new variant of a ransomware called WannaRen.
The probe also suggests that the hackers may have started putting the data for sale on the dark web as their demands were not met, the source added. This has raised fears of confidential data of lakhs of patients, including politicians, having been leaked. Officials are, however, denying that any data has been compromised.
Investigation has confirmed that five main servers were targeted by the Chinese hackers, who subsequently put the data on the dark web. Delhi Police’s cyber cell said in a statement on Friday that the mirror images of the impacted servers had been sent to the lab for forensic analysis. The AIIMS administration and other agencies are in the process of restoring and reviving the services, officials said.
Regarding reports of a ransom of Rs 200 crore in cryptocurrency having been demanded by the hackers, Delhi Police had given a cryptic statement that no ransom demand had been brought to their notice by AIIMS. Delhi Police, however, has filed an FIR of extortion and cyber terrorism on the complaint of the AIIMS security officer.
The best minds from the Indian Computer Emergency Response Team, the Centre for Development of Advanced Computing and the National Informatics Centre, apart from two intelligence agencies, have been trying to salvage the damage caused by the ransomware. Sources said that the NIC e-hospital database and the application servers for e-hospital have been restored to a large extent.
On Monday, around 1,200 systems and 20 servers had been sanitised. The operation to restore services may continue till next week, said an official.