Hackers, who attacked websites of Telangana and Andhra Pradesh state power utilities, have demanded six Bitcoins (nearly Rs 20 lakh) as ransom to give description key to restore the sites, police said Friday.

T Srinivas, Director (Projects and IT) of Southern Power Distribution Company Limited (SPDCL), assuring no data breach said the website of their organisation is open and that of Northern Power Distribution Company Limited is in the process of restoration.

“They (ransomware attackers) demanded six Bitcoins. Normally the attackers leave a link for paying ransom. In this case the websites were restored to normalcy even before they sent the link. We are continuing our investigation,” Additional Deputy Commissioner of Police (Cyber Crimes) KCS Raghu Vir told PTI.

The official further said the link which the malware leaves for ransom cannot be traced and previous history of ransomware attacks proved they originated from Central Europe and some African nations.

Srinivas said the websites and systems are managed by TCS and experts from the IT giant have flown in to restore them.
“Our website is open now. There is no harm to the data. Our servers are secured,” he said.

A staff of the Power Distribution Company of Telangana Thursday received a mail from an unknown person and when he inadvertently clicked on it, the virus (ransomware) attack took over the entire system.

Along with the Telangana systems, the computer systems of power utilities in Andhra Pradesh also came under the malware attack because they are linked to each other, police had said.

When contacted, K Vijayanand, Chairman and Managing Director of Transmission Corporation of Andhra Pradesh Limited, said experts from TCS were working on restoration of the site and there was no impact on the billing activities for AP utilities.