BlackCat Attack Shuts Uttar Pradesh Bus Ticketing SystemBlackCat Ransomware Group Targeted Mumbai-Based Data Center, Encrypted Systems
The government-owned public transport service of India's most populous province said its electronic bus ticketing system went down on Tuesday following a BlackCat ransomware attack on a third-party-operated data center.
The Uttar Pradesh State Road Transport Corp., which ferries 426 million people annually, said the electronic bus ticketing system went down on Tuesday night, just days after going live.
The system is meant to enable customers to book intracity, intercity, and interstate bus tickets online. As of Friday afternoon, its website displays a notice that "the site is under maintenance and no bookings would be done during this duration."
Yajuvendra Kumar, the system general manager for IT at Uttar Pradesh State Road Transport Corp., told Information Security Media Group his company is probing the attack in an investigation that could last up to a week, following which it plans to relaunch the electronic ticketing system.
Kumar said the results should pin down whether the attack originated in the bus ticketing system, managed by Mumbai-based technology service provider Aurionpro Solutions, or with the data center host of the ticketing system, Web Werks India.
Web Werks' Mumbai data center suffered a BlackCat, aka Alphv, ransomware attack on Tuesday night that enabled cybercriminals to encrypt stored data and demand a ransom from the company, Kumar said. The data center is a 50,000-square-foot complex with 800 racks, and it has direct connectivity with over 160 internet service providers and three internet exchanges. Kumar said it hosts more than 3.5 million terabytes of data collected by Aurionpro.
Aurionpro in November 2021 won a $7.3 million contract to implement an "IoT-based Integrated Bus Ticketing System." Kumar said the company delivered the system in January and authorities activated it for the public just less than a week before the ransomware attack.
The two companies last July announced an alliance to set up multiple data centers across multiple Indian cities.
Representatives from each company didn't offer immediate comments on the incident when contacted by Information Security Media Group. A senior executive from Web Werks said the data center provider plans to share an update about the incident after the May Day holiday.
The BlackCat ransomware-as-a-service group in February claimed it had targeted Indian rocket propellant manufacturer Solar Industries and stolen specifications for the propellant used in a slew of Indian military missile and rocket systems as well as warhead data and personal information pertaining to the company's employees and customers (see: BlackCat Adds Indian Missile Fuel Maker to Its Victims List).
The cybercriminal group in March said it had targeted Indian pharmaceuticals giant Sun Pharmaceutical Industries Ltd. and stolen up to 17 terabytes of information. The group leaked a 28-megabyte sample of files online after the drugmaker refused to pay the extortion demand.