India’s leading Cybersecurity agencies probe Oil India Ransomware attack

Image credit: The Economic Times

The Intelligence Bureau (IB) and India’s two leading cyber security agencies — Indian Computer Emergency Response Team (CERT-In) and National Critical Information Infrastructure Protection Centre (NCIIPC) — have joined the probe into the ransomware attack on state-run explorer Oil India Limited’s (OIL) headquarters at Duliajan in upper Assam’s Dibrugarh district.

Oil India Limited is the second largest Indian-government owned hydrocarbon explorer and producer which is under the ownership of the Ministry of Petroleum and Natural Gas, Government of India.

The CERT-In is the national nodal agency that deals with cyber security threats such as hacking and phishing. The NCIIPC is the national nodal agency that handles critical information infrastructure protection. It is a unit of the National Technical Research Organisation under the Prime Minister’s Office.


On the 10th of April 2022, Oil India suffered a cyberattack disrupting its operations in Assam and received a ransom demand of USD 75,00,000 (over Rs 57 crore) from the perpetrator. A case was registered under various sections of the Indian Penal Code and the Information Technology Act, 2000, after the company lodged a complaint with the police, according to media reports.

The report further added that two representatives from each of these agencies reached Duliajan on Friday to join the probe being conducted by the local police. The anonymous hackers had sought a ransom of $7.5 million from OIL to restore the affected network, according to reports. The report further added that OIL India has also separately engaged the services of a Delhi-based private cyber security agency with international exposure.

“Our production and drilling operations are functioning normally. Our communication network is also not affected as we have an alternate network of computers in place to deal with such kinds of emergencies. Most of the data is safe as we were able to isolate the infected servers… we suspect it is the handiwork of international hackers,” said Tridiv Hazarika, OIL spokesperson.

Publish on W.Media
Author Info - W.Media
Share This Article
Other Popular Posts