CHENNAI: The Tamil Nadu government’s Public Department is said to have come under a ransomware attack, in which malware was used to encrypt computer files. It is learnt that the suspect reportedly demanded a payment of $1,950 in cryptocurrency as ransom for handing over the decryption code.
The department functions directly under the Chief Secretary and deals with important matters concerning the general administration of the State. It also handles protocol arrangements relating to visits of VVIPs, VIPs, and other dignitaries, and matters of common interest between the Central and State governments, besides handling law and order issues.
While officials maintained that none of the confidential files were lost as they were handled manually, they refused to confirm or divulge the sum demanded by the hacker, and said it was immaterial. A top official from the Information Technology department confirmed the attack, and said, “We are at it and trying to get back the access.” Cyber security experts from the Centre for Development of Advanced Computing (C-DAC) and the Indian Computer Emergency Response Team (CERT-In) are trying to retrieve the documents.
Meanwhile, the public department has lodged a complaint with the cyber cell. “Something happened to the computers in the Special-B section,” an official said, adding that no file has been lost due to the attack. “This department maintains confidential files only in papers. For government records, normally we will be taking a backup,” he added.
Explaining how confidential files are maintained, the official said, “e-Governance or e-Office will not apply to the confidential section. Even approvals are given manually. Computers are used to key-in and take prints, and to save them in files.”
‘We fear this is just the beginning’
Securin, a Chennai-based cyber security company that investigated the attack, found that one vulnerability (environment.tn.gov.in) had been exploited by the WannaCry ransomware. It also found that over 400 public-facing assets linked to the domain are vulnerable.
Commenting on the investigation, Ram Movva, co-founder and chairman of Cyber Security Works and CEO of Securin, said, “Our investigation shows very poor cyber hygiene in the State’s Public Department. Our analysis has revealed vulnerabilities exploited by WannaCry. Over 80 assets have vulnerabilities that have Remote Code Execution and Privilege Execution capabilities.”
“We fear this is just the beginning. We have seen many government entities become targets of ransomware attacks since last year, and have warned CERT-In about the exposures that we have seen in the dark web. Continuous vulnerability scanning and an automated Attack Surface Management programme is the need of the hour for all government entities,” said Movva.