"Ransomware Locks Indian Flood Monitors During Monsoon Season"

A ransomware attack on a flood monitoring system in India's southwestern coastal state of Goa during peak rainy season is interfering with real-time water level monitoring. The Goa Department of Water Resources blamed an Internet-facing server's lack of antivirus software and outdated firewalls for the attack. The state agency also blamed a third-party IT contractor based in Hyderabad, writing that the company was instructed to prevent further damage, upgrade the system, and recover the data at their own risk and expense. During the monsoon season, when river and dam overflows are common in Goa and the rest of India, collecting flood monitoring data is critical. Forecasters also use historical data to build mathematical models that predict river overflows. A ransomware gang encrypted a server in a data center near Panjim, Goa's capital city. Data from 15 flood monitors located along major rivers, as well as rain gauge and other weather data, were stored on the server. Sunil Karmarkar, a water resources department executive engineer, wrote that the integrity of the data had been compromised, making it impossible to backup previous data. Files were encrypted with the ".eking" extension, a trademark of the Phobos malware group's ransomware variant. The Eking variant encrypts files using a 256-bit advanced encryption standard and is supported by an asymmetric public-private key cryptosystem. This article continues to discuss findings regarding the ransomware attack against Goa's flood monitoring system. 

DataBreachToday reports "Ransomware Locks Indian Flood Monitors During Monsoon Season"