The ransomware attack on the computer network that crippled Delhi’s All India Institute of Medical Sciences, or AIIMS, originated from China and may have been carried out by Chinese hackers, the Ministry of Health and Family Welfare said. Data of lakhs of patients from the five physical servers infiltrated by the hackers was also recovered.
“The server attack was by the Chinese; the probe found that it originated from China,” said a top source. “Of the 100 servers — 40 physical and 60 virtual — five physical servers were infiltrated by the hackers. The damage could have been far worse but is now contained. Data in the five servers has been successfully retrieved,” said a spokesperson of the Ministry of Health and Family Welfare.
India’s National Investigation Agency had been investigating the ransomware attack that crippled the teaching hospital for days.
Minister of State for IT Rajeev Chandrasekhar had said, “I can’t comment on that as it is a subject matter of an investigation by the NIA…It is a deliberate and targeted effort…a ransomware attack on AIIMS’ system… and NIA is investigating it.” The minister had said last week that the ransomware attack seemed to be a part of a much more coordinated conspiracy.
“It is a conspiracy, and pretty significant forces have planned it. It is a sophisticated ransomware attack. We will wait for the outcome of the investigations by CERT-In and the NIA before we conclude,” Chandrasekhar had said on December 2.
Given Xi Jinping’s recent aggression towards Tawang, the minister’s statement does seem to carry weight.
AIIMS’s system first glitched on November 23, after which a case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police. Police have, however, denied media reports that hackers asked for Rs 200 crore in cryptocurrency as ransom to restore the system.