Let’s travel together.

Under cyber attack: The AIIMS ransomware attack is just a reminder how vulnerable organisations can be

Cybercrimes are rising both in numbers and sophistication. The latest to find itself on the receiving end was the All India Institute of Medical Sciences (AIIMS) in Delhi, which was hit by a ransomware attack on November 23, rendering its servers non-functional for about two weeks.

As the name might suggest, a ransomware attack is malware in which cybercriminals encrypt data and demand ransom for unlocking the same. In this case, they asked for Rs 200 crore in cryptocurrencies. Although the investigation is on, the minister of state for IT called it “a deliberate and targeted effort”.

Also Read: After AIIMS, Safdarjung Hospital reports cyberattack but impact may not be as severe; here’s why

Not just AIIMS but the Indian Council of Medical Research (ICMR) also faced several unsuccessful hacking attempts on November 30. Delhi’s Safdarjung Hospital, too, came under similar attacks, but the impact was limited.

Although the cyberattack at AIIMS brought the focus to cybersecurity, this is not the only ransomware attack to have been perpetrated in the recent past.

Spicejet attack

In May this year, low-fare airline Spicejet reported a ransomware attack that delayed several flights by up to six hours. “Certain SpiceJet systems faced an attempted ransomware attack last night that impacted and slowed down morning flight departures today,” it said in a statement then. Several passengers vented their anger on social media claiming many had to sit on the plane for hours. Although the attack was thwarted by the airline within hours, it was not revealed what the hackers demanded or what kind of malware affected its systems.


In May 2017, multiple companies the world over were attacked by the WannaCry malware. The malware was so fast-spreading that within two days, it affected over 200,000 in about 150 countries. The hackers demanded ransom in bitcoin.

Also Read: How to ensure cyber security, identity verification, fraud prevention in 2023

The companies impacted included Honda, Renault, Nissan Motors, FedEx, China National Petroleum, Petrobras, Taiwan Semiconductor Manufacturing Company, along with the United Kingdom’s National Health Service (NHS). In India, too, incidents were reported from Kerala, Gujarat, West Bengal, and Odisha, along with the police departments of Andhra Pradesh and Maharashtra. It later came to light that the attack was propagated through EternalBlue, which is an exploit created by the US NSA (National Security Agency) for Windows, which was stolen a month before the attack.

Although the total amount of damage could not be known, Symantec estimated $4 billion in damages.

In December 2017, the US and the UK accused North Korea of being behind the attack.


In 2017, Ukraine came under a major ransomware attack that impacted several essential sectors. The malware, which is believed to have spread through Ukraine’s tax preparation program ME Doc, spread to crucial departments, companies, and enterprises, such as the National Bank of Ukraine, other banks, power grids, airports, bus and gas stations, companies, etc. Not just that, on June 27, 2017, the monitoring system of the Chornobyl Nuclear Power Plant went offline.

Although the attack later spilled to some other European countries, too, Ukraine bore most of the brunt. The damages are estimated to be more than $10 billion.


Last year, the Colonial Pipeline in the US was at the centre of a ransomware attack, believed to have been carried out by a group called DarkSide. As the pipeline is responsible for transporting oil from the Gulf of Mexico to companies along the US East Coast, the oil supply was severely impacted. Within two hours of the attack, the hackers were able to get hold of 100GB of data. On May 7, the US government paid them $4.4 million in cryptocurrencies as ransom, and president Joe Biden declared an Emergency. Although not known for sure, the attack is believed to have been carried out from eastern Europe—Russia or Ukraine. However, some believe the hackers operate in multiple countries, including Poland and Iran.


The SamSam malware first made an appearance in 2015, however, it sharpened attacks in 2018. Multiple states in the United States largely came under the attack. As per estimates, its creators have earned $6 million through ransomware.

Although the sophistication of attacks is a factor, the state of computer systems also plays a role in all such ransomware attacks, which are affected more if the systems are out-of-date.

Comments are closed.