Ransomware attack: Ammo, rocket audits & engg plans on sale on the dark web | Nagpur News

Nagpur: A hackers group, BlackCat or ALPHV, launched a ransomware attack on an industrial explosives manufacturer based in Nagpur that also supplies critical ammunition and explosives to the Indian Army. Classified information like drawings, engineering specifications and audits of Pinaka rockets, Brahmos, Akash, several warheads, mines, bombs and other sensitive defence products have ended up on the dark net for the highest bidders to buy. The hackers claim to have stolen 2TB data from the company’s server at Nagpur.
Though an offence was registered and agencies started acting on war footing, some of the material has appeared for sale on the dark net.
News websites first reported that the audit reports of many weapons, including Rocket Pinaka MK-1, ADM-1, propellant Pinaka MK-II Enhanced, propellant Pinaka MK-2 Guided, and such detailed information was stolen. Online media also underlined that the details of warhead composition, technical power, company’s contract with the Army and other customers, blueprints and engineering details of many weapons, explosives, boosters, propellant and bombs were among the stolen data.
Unconfirmed sources said records from cameras, office backups, audit reports of flaws and vulnerabilities were also compromised. Even detailed information about armament supply chains to various sources was stolen. The personal information about employees and management of the company too was laid bare.
An offence was registered at the city Cyber police station, invoking sections of extortion under the Indian Penal Code (IPC). The case is now set to be handed over to the Central Bureau of Investigation (CBI).
After the matter came to fore, senior officials of ministry of defence, home affairs, and intelligence agencies assembled in Nagpur and are monitoring the case now. It’s learnt company officials learnt about the hacking on January 21 on receiving threats that the data would be sold. The security agencies were immediately alerted.
After the monetary negotiations with the hackers failed, the hacker group immediately flashed the most sensitive stolen data on the dark web, inviting bidding ‘within 24 hours’ and asked interested persons to approach them through file-sharing communication platform TOR.
The aid company had started as a manufacturer of explosives for the mining industry. Over the last 10 years, it has diversified into making defence explosives also and emerged as the leading private player in making ammunition. The defence business is undertaken through its fully owned subsidiary.