Oil India Cyber Attack: Russian Malware Planted From Server In Nigeria Was Used, Says Police

New Delhi: A top police official on Friday said that a Russian malware planted from a server in Nigeria was used for a recent cyber attack on Oil India’s (OIL) system in Assam’s Duliajan.

The police official said that their investigations indicated the cyber attack was carried out from overseas.

“We have found that a Russian malware was used in it. And someone, individual or group, planted it from Nigeria,” the police official, who wished not to be named, told PTI in Assam’s Guwahati city.

“We are working out the details and also ascertaining whether it was planned attack or a random one that hit OIL,” he added.

The OIL system is yet to be restored completely even after 10 days of the incident.

Earlier on April 10, the cyber attack took place on one of the workstation of Geological and Reservoir department of OIL.

It was, however, intimated by the IT department two days after the incident on April 12.

As a result, the OIL server, network and other related services were affected.

The cyber attacker has demanded over Rs 57 crore as ransom through a note posted on the infected PC.

Responding to a poser by the news agency, OIL spokesperson Tridiv Hazarika said that different government agencies were carrying out the investigation into the incident.

“Whether it's a random virus attack or one by typical cyber criminals - domestic or international, we will know after investigation,” he said.

He added that experts from CERT-In and NCIIPC are helping in the probe besides the Assam Police and Intelligence Bureau personnel.

CERT-In and NCIIPC deal with cyber security related matters, including probing against hacking and phishing attacks.

Asserting the government is taking it very seriously and doing a thorough probe, Hazarika said systems are being restored in a phase-wise and many computers are already functioning.

The OIL spokesperson added that operations were not affected at any stage of the cyber attack.

Earlier on April 13, the OIL had approached the Dibrugarh Police, which registered a case under Section 385 of the Indian Penal Code (extortion) read with Sections 66 (dishonesty and fraudulence) and 66F (cyber terrorism) of the Information Technology Act, 2000.