Hackers take over power billing records of Indian state; demand ransom

Hackers take over power billing records of Indian state; demand ransom

The AMR system (automatic meter reading system) of Uttar Haryana Bijli Vitran Nigam (UHBVN) (Haryana power utilities) in Panchkula, India became a victim of cyber-attack by unknown hackers last week.

The New Indian Express (TNIE) reports that hackers stole billing data from UHBVN computer systems and are demanding 1 Crore Indian rupee ($153,800) in Bitcoin from the state government for decrypting the files and restoring access to the AMR system.

The case has already been filed in Sector 5 Police Station of Panchkula under several sections of the Indian Penal Code and the IT Act but TNIE hasn’t named the sections in its report.

UHBVN, one of the two power discoms in Haryana, monitors electricity billing of nine Haryana districts. The hack attack occurred on 21 March at exactly 17 minutes past midnight. Hackers uploaded a ransom message on the UHBVN head office computers.

More: Hackers leave ransom note after wiping out MongoDB in 13 seconds

According to TNIE, On 22 March, when the computers were turned on, the ransom message got displayed on the screens narrating the demands of the hackers. Soon after the attack was identified, concerned officials, IT and cyber-security experts collectively conducted full system study and found that the database was encrypted.

The attacked ARM system was installed, operated and managed by Tata Consultancy Services Ltd (TCS). It was installed in 2011 and since then the electricity billings of the 9 districts namely Ambala, Karnal, Kaithal, Kurukshetra, Panchkula, Panipat, Sonepat, Rohtak and Yamunanagar were managed by this system.

Haryana Police officials claim that cyber-experts at the department are currently investigating the incident and trying to track the IP address to identify the origins of the attack. However, experts suspect that it may not be an easy feat to pull off considering that the IP address can be modified in merely seconds so the attacker(s) might have faked the IP address. According to the officials, no billing data was lost because a backup was already present and consumer billings remain unaffected too.

Nigam officials are now uploading the billing data from the log books and some of it already has been uploaded. Reports though claim that the UHBVN now doesn’t possess consumers’ power bill records and just the records of the arrears remain with the facility but UHBVN officials state that none of the 4,000 industrial consumers have been affected.

More: Robots can be hacked with ransomware & curse at customers

Related Posts