The National Investigation Agency (NIA) is examining a ransomware attack on the National Aerospace Laboratories (NAL), India’s leading aerospace research institution, which occurred on November 15 last year. The incident is suspected to be a cyberterrorist attack, and the NIA has initiated an investigation into it. People familiar with the matter, speaking on the condition of anonymity, disclosed that the federal anti-terror agency has filed a case regarding the ransomware attack, believed to have been orchestrated by the notorious cybercrime group LockBit.
NAL Bengaluru, an affiliate of the government’s Council of Scientific and Industrial Research, stands as the sole government aerospace R&D laboratory in India's civilian sector. It fell victim to a ransomware attack on November 15, with LockBit threatening to expose stolen data, including classified documents, unless an unspecified ransom was paid. "We have registered a case to investigate the ransomware attack at the NAL from the cyberterrorism angle," stated an NIA officer.
The NIA operates a specialized anti-cyberterrorism unit tasked with investigating cyber attacks perpetrated by state or non-state actors targeting government and private entities in India. In the past, it has collaborated with other agencies, including CERT-In, during the ransomware attack at the All India Institute of Medical Sciences in November 2022. Tarun Wig, an information security expert and co-founder of Innefu Labs, described LockBit as "one of the most prolific cybercriminal groups," noting that ransomware attacks, typically driven by financial motives, frequently target Indian establishments.
LockBit, recognized as one of the world's most active ransomware-as-a-service operations, engages in data theft, encryption, extortion, and data leakage. Initially known as ABCD when it surfaced in 2019, LockBit has targeted thousands of businesses, schools, medical facilities, and government entities worldwide. Following a multinational law enforcement operation led by British authorities and involving agencies from 10 countries, including the US, France, Germany, and Japan, the UK's National Crime Agency announced last month that it had disrupted LockBit's services, compromising its criminal operations.
Graeme Biggar, director-general of the British agency, stated, "Through our close collaboration, we have hacked the hackers; taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems." This action has effectively crippled LockBit's capabilities and credibility, according to Biggar, who labeled LockBit as the world's most harmful cybercrime group. Additionally, the US Department of Justice revealed that it had partnered with the Federal Bureau of Investigation to disrupt LockBit's activities, highlighting its extensive ransom demands and the significant ransom payments it has received.