A Russian malware planted from a server in Nigeria was used for a recent cyber-attack on Oil India’s (OIL) system in Assam’s Duliajan, which had brought down the PSU major’s network, a top police official said on Friday.
According to the newindianexpress. com, OIL system is yet to be restored completely even after 10 days of the incident, they added. A top police official, who wished not to be named, told PTI that their investigations indicated the cyber attack was carried out from overseas.
He said: “We have found that a Russian malware was used in it. And someone, individual or group, planted it from Nigeria.”
“We are working out the details and also ascertaining whether it was planned attack or a random one that hit OIL,” the official added. The cyber-attack took place on April 10 on one of the workstation of Geological and Reservoir department of OIL, but it was intimated by the IT department on April 12.
The OIL server, network and other related services were affected as a result. The cyber attacker had demanded $ 75,00,000 (over Rs 57 crore) as ransom through a note posted on the infected PC. When contacted, OIL spokesperson, Tridiv Hazarika, told PTI that different government agencies were carrying out the investigation into the incident.
“Whether it’s a random virus attack or one by typical cyber criminals – domestic or international, we will know after investigation,” he said.
Besides, Assam Police and Intelligence Bureau, experts from CERT-In and NCIIPC are helping in the probe, he added. These two organisations deal with cyber-security related matters, including probing against hacking and phishing attacks.
Hazarika said: “The government is taking it very seriously and doing a thorough probe.” He said systems are being restored phase-wise and many computers are already functioning.
Operations were not affected at any stage of the cyber-attack, the spokesperson added.
OIL had approached the Dibrugarh Police on April 13, which registered a case under section 385 of the Indian Penal Code (extortion) read with sections 66 (dishonesty and fraudulence) and 66F (cyber terrorism) of the Information Technology Act, 2000.