Cyber Incident Victim: Uttar Haryana Bijli Vitran Nigam Limited
Date:
Mar 2018
Location:
India
Summary
A cyber attack targeted a Haryana power distribution company, encrypting billing data for approximately 4,000 industrial consumers through its Automatic Meter Reading System. Attackers demanded a Rs 1 crore ransom in Bitcoin to decrypt the data, prompting an FIR under IT Act and extortion laws. The organization confirmed no operational disruption due to available backups, with billing restored swiftly. The compromised data involved payment records for mid-sized industrial consumers across nine operational circles. While forensic analysis confirmed the encryption, authorities initiated a police investigation and planned cyber cell involvement. The incident accelerated pre-existing plans to replace the legacy system with a more secure infrastructure by mid-2018.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 21, 2018, Uttar Haryana Bijli Vitran Nigam Limited (UHBVNL), a government-owned power distribution company serving northern Haryana, experienced a cyber attack targeting its Automatic Meter Reading System (AMR). The attackers encrypted billing data for approximately 4,000 industrial consumers and displayed on-screen ransom demands for Rs 1 crore (approximately $154,000 USD at the time) payable via Bitcoin in exchange for the decryption key. The compromised data included records of paid and unpaid bills for industrial customers consuming between 15KW and 20KW of electricity across nine operational circles: Panchkula, Ambala, Rohtak, Yamunanagar, Panipat, Kaithal, and Karnal. UHBVNL officials discovered the encryption during immediate system analysis conducted by internal IT staff and external cyber experts following the attack. The organization filed a formal police report (FIR) at Panchkula’s Sector-5 police station on March 23 under Section 66 of India’s IT Act, 2000 (covering computer-related offenses) and Section 384 of the Indian Penal Code (extortion).
UHBVNL confirmed the attack did not disrupt billing operations due to functional backup systems, with spokesperson statements indicating normal billing resumed promptly for all affected consumers. No business losses occurred, as the backup data allowed continuity of services without financial impact. Internal sources revealed the hackers had previously attempted similar intrusions against the discom, though specifics of prior incidents were not disclosed. The Panchkula police initiated an investigation and planned to involve specialized cyber crime units for technical analysis. Concurrently, UHBVNL accelerated preexisting plans to replace its legacy AMR system with a more secure, technologically advanced platform scheduled for deployment by May 2018. The organization maintained public assurances regarding system integrity while declining to disclose whether ransom negotiations occurred or if data recovery required additional remediation beyond backup restoration.