Update as on 07/02/2020: As part of our regular darkweb monitoring, our researchers came across the data leak of National Highways Authority of India (NHAI) been published by the Maze ransomware operators.

The National Highways Authority of India (NHAI) is an autonomous agency of the Government of India, set up in 1988, and is responsible for the management of a network of over 50,000 km of National Highways out of 1,15,000 km in India. It is a nodal agency of the Ministry of Road Transport and Highways. NHAI has signed a memorandum of understanding (MoU) with the Indian Space Research Organisation for satellite mapping of highways. Sukhbir Singh Sandhu (IAS), is the present Chairman of NHAI since October 2019.

In economic times news article, NHAI stated about a ransomware attack on their email server which took place on 28 June 2020, and due to shutting down of their email servers protected NHAI from no data loss. Besides that, the ransomware operators claim to breach NHAI servers and released sensitive data files. As per now, the ransomware operators claim to have uploaded only 5% of the total data leak. Below is the snapshot of the data leak been posted on the ransomware’s website-:

The Cyble Research Team identified and analyzed the data leak of around 2GB. The data leak includes sensitive corporate operational documents such as the company’s staff list, passport copy of ex-chairman of NHAI, details of dependent family members of NHAI employees, NHAI internal audit reports, and much more. Below are few snapshots of the data leak being released by Maze ransomware operators-:

We recommend people to:

• Never share personal information, including financial information over the phone, email or SMSs
• Use strong passwords and enforce multi-factor authentication where possible
• Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately
• Turn-on automatic software update feature on your computer, mobile and other connected devices where possible and pragmatic
• Use a reputed anti-virus and internet security software package on your connected devices including PC, Laptop, Mobile

About Cyble:

Cyble is a US-based cyber threat intelligence company with the express mission to provide organizations with real-time views of their supply chain cyber threats and risks.