January 2023
In January 2023, India was hit by a wave of cyber attacks, including a new ransomware
strain called "BlackByte." The attacks targeted a wide range of organizations, including
government agencies, businesses, and educational institutions. The BlackByte ransomware
encrypts files on infected systems and demands a ransom payment in exchange for the
decryption key. In some cases, the attackers also stole sensitive data from infected
systems. The cyber attacks in India are part of a global trend. In 2022, there were over
10 million cyber attacks worldwide, a 10% increase from the previous year. The attacks
are becoming more sophisticated and targeted, and they are costing businesses and
governments billions of dollars each year.
Most active Ransomware : REvil , DarkSide, LockBit 3.0
India
- REvil ransomware attack on JioSaavn: On January 13, 2023, the popular Indian music
streaming service JioSaavn was hit by a ransomware attack by the REvil group. The
attack caused widespread disruption to the service, with users unable to access
their music or playlists. JioSaavn eventually restored service, but the attack
highlighted the growing threat of ransomware attacks in India.
- BlackByte ransomware attack on Infosys: On January 20, 2023, the Indian IT giant
Infosys was hit by a ransomware attack by the BlackByte group. The attack affected
Infosys's internal systems and caused some disruption to its operations. Infosys
eventually recovered from the attack, but the incident highlighted the growing
threat of ransomware attacks to India's IT sector.
- DDoS attack on Indian government websites: On January 26, 2023, India's Republic
Day, a number of Indian government websites were hit by a distributed
denial-of-service (DDoS) attack. The attack caused the websites to go offline for
several hours. The DDoS attack was likely carried out by a group of hackers who were
protesting against the Indian government.
- Hack of the Indian Railways' IT systems: On January 15, 2023, the Indian Railways'
IT systems were hacked. The hackers gained access to the Railways' IT systems and
stole sensitive data, including employee data and travel records. The hack caused
significant disruption to the Railways' operations.
- A Ransomware attack carried out by a group known as DarkSide, targeted businesses in
a variety of industries, including healthcare, finance, and hospitality in Dubai.
The hackers demanded a ransom payment of $10 million in Bitcoin in exchange for
decrypting the affected files.
Middle East
- Dubai : A ransomware called LockBit 3.0 targeted businesses in the region of Dubai.
The ransomware encrypts files on infected systems and demands a ransom payment in
Bitcoin in order to decrypt them. The LockBit 3.0 attack on Dubai is a reminder of
the growing threat of ransomware attacks in the Middle East. In recent years, there
has been a significant increase in the number of ransomware attacks targeting
businesses in the region. This is due in part to the fact that many businesses in
the Middle East are still using outdated security systems that are vulnerable to
attack.A ransomware attack on the Dubai Municipality by REvil, Dubai International
Financial Centre by DarkSide, and Dubai-based airline by LOckBit,are the other
examples.
- On January 10, a ransomware attack on the Saudi Arabian Ministry of Health caused
widespread disruption to the country's healthcare system. The attack is believed to
have been carried out by the Maze ransomware group.
- On January 15, a cyber attack on the Saudi Arabian National Oil Company (Aramco)
caused a temporary disruption to the company's operations. The attack is believed to
have been carried out by the DarkSide ransomware group.
- On January 20, a cyber attack on the Saudi Arabian Ministry of Finance caused
widespread disruption to the country's financial system. The attack is believed to
have been carried out by the REvil ransomware group.
UK
- Royal Mail: On January 12, 2023, Royal Mail was hit by a ransomware attack that
disrupted international shipping services for five days. The attack was carried out
by an affiliate of the LockBit ransomware group.
- The Guardian: On January 17, 2023, The Guardian was hit by a ransomware attack that
impacted all areas of its IT infrastructure. The attack forced staff to work from
home until at least the end of February 2023.
- NHS Tayside: On January 20, 2023, NHS Tayside was hit by a ransomware attack that
affected its IT systems. The attack forced the health board to cancel some
appointments and divert patients to other hospitals.
- Manchester City Council: On January 24, 2023, Manchester City Council was hit by a
ransomware attack that affected its IT systems. The attack forced the council to
cancel some services and divert staff to other departments.
- NCB Management: On February 1, 2023, NCB Management was hit by a ransomware attack
that stole almost one million financial records. The attack was carried out by a
group known as FIN7.
- JD Sports: The UK sportswear retailer JD Sports was reportedly hit by a data breach
in January 2023 that exposed the personal data of up to 10 million customers. The
data included names, addresses, email addresses, and phone numbers.
