An anonymous hacker group took down the Haryana government's automatic meter reading (AMR) system, which is run by the Haryana Power Utilities department (UHBVN). This appears to be a ransomware attack: the hackers are demanding bitcoins worth rupees one crore from the government in exchange for decrypting the enormous volume of stolen billing data and restoring authorized access to the AMR system.
According to sources, the attack took the data of twenty-six lakh individuals across the nine districts monitored by the UHBVN, namely Panchkula, Kurukshetra, Karnal, Ambala, Yamunanagar, Sonepat, Panipat, Rohtak, and Kaithal. The attack was recorded around midnight of 21st March, and the authorities saw a message demanding the ransom on the morning of the 22nd.
The Panchkula police have registered a case under the IT Act and IPC sections, considering the harm done to government property. According to officials, the police and cyber experts are investigating the case and trying to trace the hackers by tracking the IP address from which the attack was initiated. In general, however, hackers who are capable of attacking a system at this level can easily spoof their location and IP addresses, which makes it difficult for officials to catch them.
Impact of the attack
UHBVN officials said that the data of around four thousand commercial and industrial consumers remains unaffected, as a backup already exists with the Haryana Power Utilities Department. The proceedings of these businesses remain unaltered. Unfortunately, this was not the case for the others, whose database was encrypted by the hackers. The cyber experts, police and white hats assessed the situation and have cautiously migrated the encrypted database for further recovery, and an FIR has been lodged by the Haryana Police. The official also said that UHBVN has taken measures to upgrade the AMR system by implementing the latest cloud technology, which will be in use by the end of May 2018.
It is essential for the government to retrieve the stolen data by any means, because billing data such as the logs and the addresses is at stake. That means that the UHBVN is on the verge of losing the data and the previous records of
This kind of attack was observed for the first time in the country. Until now, hackers used to take down government websites and portals. This time, they are demanding a ransom in exchange for the encrypted data. A year ago, there was a wave of malware such as the WannaCry ransomware, which affected many individual internet users around the world, including in India. This cyber attack seems to be inspired by that.
What might be the possible reason for this hack?
In the experts' opinion, this breach happened because of the use of an unprotected MongoDB database and various exploits and vulnerabilities of its servers. A well-known example of such an attack at the international level was the MongoDB Honeypot Attack.
Author: Yogesh Prasad
Ethical Hacker, Information Security Consultant, Entrepreneur, Founder – Hackers Interview