Delhi Police seek CBI's help to get details of the AIIMS Chinese hacker from Interpol.
As per the recent development in the AIIMS cyberattack case, Delhi Police have sought the help of the CBI to obtain from Interpol the details of the IP addresses behind the Chinese hacker's email IDs. As the CBI is the nodal agency, the letter has been written to them, Delhi Police said.
During the investigation of the AIIMS cyberattack case, the investigation team traced the IP addresses of the hackers' email accounts and found that they were based in Hong Kong, China. Further details have therefore been sought, which can be obtained from companies in China and Hong Kong.
The Intelligence Fusion and Strategic Operations (IFSO) unit of Delhi Police has written to the CBI asking it to obtain from Interpol details about the IP addresses of the email IDs from Henan in China and Hong Kong that were used in the infiltration of the server at AIIMS, Delhi.
Development So Far
On 23 November last month, the All India Institute of Medical Sciences, Delhi, faced a cyberattack that infiltrated and compromised 5 of its servers. After the breach of the security system, two analysts who were assigned to monitor the security of the servers were suspended for violation of cyber security rules.
AIIMS authorities issued a statement saying that the e-Hospital data has been restored. “The e-Hospital data has been restored on the servers. The network is being sanitized before the services can be restored. The process is taking some time due to the volume of data and the large number of servers/computers for the hospital services. Measures are being taken for cyber security,” the officials said.
Agencies took over the case
Internet services were blocked by the investigating agencies. The Computer Emergency Response Team (CERT-In), the Delhi cybercrime special cell, the Indian Cybercrime Coordination Centre, the Intelligence Bureau, the CBI and the National Investigation Agency are investigating this cyberattack.
Investigation So Far
According to sources, the attackers used the email service Protonmail. CERT-In, the country's top cybersecurity agency, has found that the hackers had two Protonmail addresses: “dog2398” and “mouse63209”.
CERT-In found that ‘dog2398’ and ‘mouse63209’ were created in the first week of November in Hong Kong, and that another encrypted file was sent from Henan in China. The targeted servers were infected with three ransomware strains: Wammacry, Mimikatz and Trojan.
As per the latest development, further details have been sought from companies in China and Hong Kong.
Government’s Take On AIIMS Cyber Attack
The Ministry of Health and Family Welfare (MoHFW) said that the ransomware attack on the servers of the All India Institute of Medical Sciences, Delhi, originated from China. According to the ministry's reports, of the hospital's 100 servers, 40 physical and 60 virtual, 5 physical servers were infiltrated by the hackers, but the data on them has been successfully recovered.
An FIR was registered against the Chinese hackers for extortion and cyber terrorism by the IFSO unit of Delhi Police on November 25.
Obstruction due to Attack
The cyberattack derailed many activities at AIIMS, with OPD registrations, appointments and blood sample reports halted at the institute. While AIIMS was able to resume some of its services, records were being kept manually, resulting in delays and inconvenience for medical personnel and patients.
Need of the hour
Cyberattacks can take place at any institution because of serious vulnerabilities in its systems.
To tackle these attacks, institutions should have a hierarchical digital structure rather than a flat one. In a hierarchical structure there is built-in backup redundancy for each level, and if an attack persists, it affects only one of the hierarchy levels.
Given the pace of technological change, it is quite difficult to cope with these attacks, but a large institution can take measures of its own by setting up a dedicated cyber cell to tackle them. Once a cyber security cell is introduced on the premises, servers are less vulnerable to attack. The new cyber security cell will establish the SOP for the use of both the intranet and the internet. Certain sites will be prohibited, and the system will not permit downloads from them, because such sites are the most common means of infecting computers and, through them, the network.