New Delhi: The investigation into the AIIMS cyber attack has found conclusive evidence to suggest that it is connected to China, ThePrint has learnt.
Sources privy to the investigation said that they have located two locations that point to Chinese hackers being behind the ransomware attack: one in China and one in Hong Kong. They also dismissed reports that the first information report (FIR) lodged in the case mentions China.
“In the investigation so far, we have found conclusive evidence to suggest the role of hackers based in China and Hong Kong. Technical analysis of the system where the attack originated revealed a file (used in communication) that has a direct link to both locations in China and Hong Kong. Further investigation is on,” one of the sources in the Delhi Police said.
The investigation is being conducted through backtracking — identifying the systems first affected and tracing them back to the servers, the source explained.
On 23 November, the AIIMS server came under a major cyber attack, crippling the system that oversees online registration of patients' appointments, the uploading and accessing of lab reports, and the coordination of multiple hospital departments.
Asked if this was a ransomware attack, the source explained, “they posted (messages) on some of the files asking for ransom. However, no ransom has been sought, so far”.
“‘What happened? Your files are encrypted?’, ‘What is the price to repair? The price depends on how fast you can pay us’ — were posted as a file encryption note by the hackers,” the sources said.
In a ransomware attack, hackers use malicious software to restrict access to data or computer systems — usually by encryption — until they are paid by their targets.
The hackers allegedly offered to decrypt three files for free before the payment is done and also warned that attempts to decrypt the files with third party software will lead to permanent loss of data, they said.
Data of patients, including those of high-profile individuals such as former prime ministers, ministers, and judges, for over a decade were stored in the AIIMS server.
“We are trying to ascertain if the motive was espionage, sabotage or something else,” the source said.
Sources said that the link to China and Hong Kong has also been established through a preliminary probe, following technical analysis of the hackers' message on the files.
(Edited by Tony Rai)