BlackCat gang taunts ‘victim’ on LinkedIn
Indian IT services provider SRM Technologies appears to have been hit with a ransomware attack by the BlackCat gang. The group says a successful phishing attack enabled it to gain access to SRM’s systems.
It is not yet clear how much damage has been inflicted on the company’s systems in the attack, which was revealed overnight.
SRM Technologies is an IT services provider based in India, with offices in the US and Japan. The company was founded in 1998 and works with customers in industries including automotive, industrial, retail and education on digital transformation and other IT projects.
Attacks on IT services providers can have wide-ranging consequences, as the businesses often have access to the systems of their clients, meaning a breach can be used as a springboard for a supply chain attack such as the SolarWinds breach.
Tech Monitor has contacted SRM Technologies for a response to the allegations.
SRM Technologies ransomware attack: how it happened
According to BlackCat, a fraudulent email was sent to four employees at SRM Technologies, including the head of cloud engineering, Ramkumar Dilli. The email warns of an ongoing cyberattack, stating that some of the company’s files had already been encrypted.
BlackCat’s victim blog on the dark web displays the phishing email and what purports to be Dilli’s response.
The email reads: “Important files on your network was ENCRYPTED and now they have “egdd8rl” extension. In order to recover your files you need to follow the instructions below.”
The rest of the email implores recipients to act quickly and includes a list of the data that has apparently been lost.
Dilli then appears to reply to the email, forwarding it to the IT department along with a message thanking them for their support and diligence.
Hours later the gang says it reached out to Dilli himself…