KOCHI: The notorious Russian ransomware group, LockBit, has claimed responsibility for hacking into the computer systems of two Kerala-based companies. According to LockBit's dark web portal, they have targeted four Indian companies in total, including Thrissur-based food producer Double Horse and Ernakulam-based garment producer V-Star.

Other victims include Hyderabad-based pharmaceutical company Hetero and Vadodara-based automobile parts manufacturer Vikrant Group.

LockBit has shared images of bank account details, invoices, purchase orders, supply details, computer drive contents, and employee driving licenses on its dark web portal. These images suggest that the ransomware has infected individual computers or laptops of employees.

LockBit ransomware infiltrates company computers, locking systems and demanding ransom. If the ransom is not paid, the system remains locked permanently, and the accessed data is dumped on the dark web.

V-Star IT officials acknowledged the cyber attack, stating, "Our attendance system was compromised. We are fixing it, but our operations remain unaffected due to our cloud-based system." Double Horse has yet to respond. The ransom demand and deadline of May 15 have been posted, though the amount is undisclosed.

Falconfeeds.io, a private cybersecurity firm, highlighted the data breach on social media. CEO Nandakishore Harikumar commented on the breach's uncertain impact, emphasizing the need for companies to report such incidents to the Indian Computer Emergency Response Team and the police.

LockBit was behind 20% of last year's ransomware attacks, affecting international firms like Royal Mail, the UK's National Health Service, Boeing, and various banks. Despite the US FBI disrupting LockBit's dark web operations in February, the group has resurfaced with a new version, LockBit Black, intensifying its global attacks.

Last week, the US offered a $10 million bounty for Russian national Dimitry Yuryevich Khoroshev, LockBit's developer and administrator.

Reports indicate that LockBit targeted 22 Indian companies last year. Harikumar noted, "LockBit is a major ransomware operator, hacking into around 20 companies daily. They exploit system vulnerabilities, often due to outdated security measures. Last year, they claimed $120 million in ransom, often paid in bitcoin."

This latest breach underscores the critical need for robust cybersecurity measures to protect against such sophisticated threats.

Date: 15 May 2024