
Cyber Incident Victim: Mumbai, India

Date: Jan 2022

Location: India

Summary

A garment firm in Worli, Mumbai, experienced a cyberattack in which unidentified hackers compromised its server and encrypted confidential data, rendering it inaccessible to employees. The breach was discovered when an employee reported data access issues, prompting an internal IT investigation that confirmed unauthorized encryption. The company's accountant subsequently received a ransom demand for $1,350 in Bitcoin to restore access. Law enforcement registered a case under extortion and information technology laws, citing the attackers' threats and unauthorized data manipulation.


Description

Between January 19 and 21, 2022, unidentified hackers compromised the server of a garment manufacturing company based in Worli, Mumbai, encrypting confidential business data and rendering it inaccessible to employees. The breach was discovered when an employee attempted to access the server and found the data unusable, prompting immediate notification to the firm's internal IT team. A preliminary technical investigation confirmed unauthorized access to the server infrastructure and the encryption of sensitive operational information by external threat actors. The attackers subsequently escalated the incident into an extortion scheme by emailing a ransom demand to the company’s accountant, Kishore Wamanpur. This communication explicitly demanded payment of $1,350 (equivalent to approximately ₹100,000 at the time) in Bitcoin as a condition for restoring access to the encrypted data. The attackers did not disclose additional motives or threaten data leakage beyond denying the company access to its own systems.


The company formally reported the incident to the NM Joshi Marg police station, leading to the registration of a First Information Report (FIR) under Section 385 of the Indian Penal Code (extortion) and Sections 43 (penalty for damage to computer systems) and 66 (computer-related offenses) of the Information Technology Act. Law enforcement officials publicly confirmed the temporal window of the attack and the operational disruption caused by the data encryption but did not disclose technical specifics regarding the attack vector or malware used. No information was released regarding whether the ransom was paid, whether decryption keys were provided, or the duration of business interruption. The case remained under active investigation targeting unidentified perpetrators at the time of public reporting, with no subsequent resolution details available in the provided source material.
