Cyber Incident Victim: Worli-based Garment Firm
Date: Jan 2022
Location: India
Summary
A Worli-based garment firm experienced a cyberattack in which hackers compromised its server and encrypted confidential data, rendering it inaccessible to employees. The attackers demanded a ransom of $1,350 in Bitcoin via a threat email sent to the company's accountant, prompting the firm to file a police case for extortion. The incident was discovered after an employee reported server access issues, leading to an internal IT investigation that confirmed the breach. Authorities registered the case under relevant sections of the Indian Penal Code and Information Technology Act.
Description
The incident involving a Worli-based garment firm unfolded between January 19 and 21, 2022, when unidentified hackers compromised the company's server and encrypted its confidential data. An employee first detected the breach after being unable to access critical server information, prompting immediate notification to the firm's IT team. Initial internal investigations confirmed unauthorized access to the server infrastructure, with attackers deploying encryption tools to lock the organization out of its own operational and business data. The attackers subsequently escalated their intrusion by sending a direct extortion demand to the company's accountant, Kishore Wamanpur, via email. This communication explicitly demanded payment of $1,350 (equivalent to approximately ₹1 lakh at the time) in Bitcoin cryptocurrency as ransom for decrypting the compromised data. With the data encrypted and inaccessible, the attackers pressured the firm to comply, and the lockout directly affected daily operations by restricting employee access to essential business information.

In response to the confirmed breach and extortion attempt, the garment firm formally reported the incident to the NM Joshi Marg police station, resulting in the registration of a First Information Report (FIR) against unidentified perpetrators. Legal charges were filed under Section 385 of the Indian Penal Code (pertaining to extortion) alongside Sections 43 and 66 of the Information Technology Act (addressing unauthorized computer access and data damage). The cyberattack caused significant operational disruption by rendering critical business data inaccessible during the encryption lockout period. While the exact scope of compromised data remains unspecified in public reports, police confirmed the attackers targeted confidential company information stored on the affected server. The incident highlighted vulnerabilities in the firm's data security posture, though no additional technical details about attack vectors or data recovery efforts were disclosed by investigators or company representatives.
