SRF India suffers a ransomware cyber incident

SRF India is a publicly listed chemicals manufacturing company based in India. Lockbit has added SRF to its list of victims. The ransomware threat actor has threatened a data dump by 1st March.

  • SRF is one of the largest chemical manufacturing companies in India.
  • The Lockbit ransomware group has executed a ransomware attack. It has threatened to dump all the data of SRF by 1st March 2023. The company has been given a 15-day period to make the ransom payment.
  • There has been no official confirmation or official statement from representatives of the SRF group in India.
  • The corporate website of SRF is working fine.
  • India has a strict cyber reporting framework, especially for listed companies. So, an exchange notification may be coming in the next few days.
  • It is unclear if all or some data of the SRF group has been stolen or encrypted by the Lockbit group.
  • SRF has a presence all across India, with its head office in Gurugram.
  • SRF has multiple manufacturing facilities spread across the states of Rajasthan, Madhya Pradesh, Tamil Nadu, and Uttarakhand. It is not confirmed whether one or multiple locations have been affected by this cyber incident.
  • The exact impact on the manufacturing processes is unknown.
  • The ransom amount sought by Lockbit is unconfirmed as we write this.

We expect SRF will release a statement about this data breach soon. That should tell us more about the recovery timeline and the kind of data that may have been stolen or encrypted.

SRF ransomware attack

A full-fledged forensic audit of the trail left by the ransomware actor may already be running on the company side.

The screenshot below is taken from Lockbit’s claims about SRF.

SRF India cyber incident

SRF, in all likelihood, would have been targeted over the weekend. We have maintained in the past that ransomware attacks are becoming more frequent, larger, and more common.

It is important to undertake prevention measures against ransomware attacks. Some of these could be as simple as the following:

  • performing vulnerability detection and remediation on a frequent basis
  • updating the firmware of hardware devices on the networks on a regular basis
  • maintaining backups of critical data at offsite locations

While we wait for an official statement from SRF, it is pertinent to mention that SRF has a large and diverse set of offices and manufacturing facilities. Therefore, the actual impact on its business operations can only be studied once the company has undertaken and completed a full audit of the affected servers and infrastructure.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.