Indian telecommunications infrastructure giant Indus Towers has reportedly become the latest victim of an alleged ransomware attack orchestrated by the notorious Medusa group. The cybercriminals claim to have gained unauthorised access to the company’s data and are demanding $500,000 as ransom.
Indus Towers was founded in 2007 and is India’s largest mobile tower installation company. Bharti Airtel has the largest stake in the company, followed by Vodafone Group and Providence Equity Partners.
While the specific details of the breach are not publicly available, the encrypted data likely includes sensitive information due to the company’s extensive operations. A cyberattack on such a large entity puts the company at risk and threatens the entire country’s telecom sector.
The Medusa ransomware group emerged in 2023 and has established a prominent presence in the dark world of cybercrime. The ransomware operates as a Ransomware-as-a-Service (RaaS) platform.
Throughout 2024, Medusa continued its attacks, often posting victims’ names on social media platforms such as X and Telegram, and on its blog. The victims spanned sectors and countries. Researchers have observed that the ransomware group has targeted entities in the United States, Israel, England, Australia, the United Arab Emirates, India, Iran, and Portugal, among others.
Medusa ransomware’s favourite sectors include high technology, education, manufacturing, healthcare, wholesale and retail, professional and legal services, construction, hospitality, media and entertainment, and nonprofits.
There is a high probability that Indus Towers has been compromised by phishing or spear phishing campaigns where attackers deliver malicious attachments via email. These methods are often used by Medusa ransomware to target victims.
Indus Towers has not yet confirmed the reported breach. Candid.Technology has reached out for a comment regarding the details and extent of the breach and will update the story upon receiving a response.
Cybercrooks have been targeting entities in India for a while now. For instance, India’s edtech platform Wissenhive was attacked by FunkSec, and over 32,000 sensitive records were leaked. Similarly, Madhya Pradesh’s child welfare agency was also hit by the FunkSec ransomware group.
Furthermore, another ransomware attack on QuizTarget encrypted 6 GB of sensitive company data, affecting millions of users.
Last year, a ransomware attack on C-Edge Technologies Ltd. disrupted cooperative and regional rural banks (RRBs).