
AIIMS Delhi ransomware attack

All India Institute of Medical Sciences (AIIMS) is India’s premier hospital and research center.

On November 23rd, 2022, at about 0700 hours IST, both the primary and first backup servers were found to be inaccessible (they could not be reached or had stopped working).

Within 30 minutes, the CERT-In team had disconnected both servers from the network and confirmed that this was a ransomware attack. They also found that the second backup server was not yet infected and immediately disconnected it to prevent any further incidents.

November 23rd was a difficult day at AIIMS since all information was in the system – patient records, appointments, diagnostics, etc.

By the evening of November 23rd, AIIMS had started working in manual mode, using pen and paper records.

By the 5th day, it was reported in some media outlets that a ransom of 200 crores had been demanded in crypto. However, this report was denied by the police.

On November 29th, the seventh day since the attack, the security team working on the site confirmed that the data restore (restoring the data to the server/computer system) had been completed and that the network was being ‘sanitised’ before the data could be accessed again.

The team has been working nonstop to restore the data and secure the server from future attacks.

NHS was also attacked in August 2022

Britain’s National Health Service (NHS) faced a similar ransomware attack. The entire NHS worked on a manual pen-and-paper system for almost 4 weeks.

The attack was reported on August 4th.

NHS has not yet reported that operations have resumed or that all data has been recovered.

Why?

Healthcare, energy, retail, and government remain the favourite targets of hackers and ransomware criminals.

Why is that so? A small break in any of these sectors can bring a country to its knees. For example, all of Britain suffered when the NHS was attacked, and the AIIMS ransomware attack has impacted a lot of Indians.

This means that the victim is more likely to pay up quickly.

This is one of the reasons why these sectors are more vulnerable (that is, more easily hurt).