Ransomware gang demands $500,000 from GMDC

The Medusa ransomware gang took control of administrator rights and allegedly had access to Office 365 users’ emails, including the attached documents

The vulnerability of state government data networks came to the fore recently after a ransomware gang breached the Gujarat Mineral Development Corporation (GMDC) data network on April 1. The gang, called ‘Medusa’, first announced on its blog, ‘Medusa Blog’, which is known within hacker networks, on March 23 that it was in possession of several GBs of sensitive data belonging to GMDC’s office in Ahmedabad and had compromised the ‘admin’ of the network. Medusa demanded a $500,000 ransom from GMDC, payable by April 1, to decrypt the documents.

A sample 26-minute video shows the categories of documents available to them following the breach. They warned GMDC that the data would be published on the dark web for sale — a double-extortion model, network security experts say.

The Medusa ransomware gang took control of administrator rights and allegedly had access to Office 365 users’ emails, including the attached documents. Among the data were lists of corporate business clients with whom GMDC does business, maintenance contracts for a power plant, several tender documents that are in the process of being formulated, an infrastructure evaluation report conducted by Schneider Electric for GMDC, several IP addresses of employees and their devices, employees’ personal details, and even pictures related to an awareness drive and personal documents of a network engineer.

“An information security incident has occurred at GMDC and it has immediately isolated its core IT assets,” said Roopwant Singh, managing director of GMDC. He added, “GMDC has already begun a detailed investigation in this matter and has taken appropriate remedial actions. There was no loss of critical data. Our lignite dispatch was interrupted for a few days. And we extended the allocation cycle to avoid inconvenience to registered clients for lapsing of payments.”

“The name ‘Medusa’ is tied to malware families and botnets, but this particular Medusa has been operating since at least 2021,” said Satnam Narang, senior staff research engineer at Tenable. Experts like Ritesh Bhatia, a Mumbai-based cybercrime investigator and data privacy consultant, warn that ransomware attacks have moved into a heinous new phase — the triple-extortion phase, in which the attackers also reach out to the clients or customers found in the stolen lists and threaten to make their data public.
