Date: 2022-12-14

The cyberattack on the AIIMS, Delhi servers is suspected to have originated from locations in China and Hong Kong, PTI quoted official sources as saying on Wednesday.

Further details, which can be obtained from companies in China and Hong Kong, have been sought. The Delhi Police has written to the Central Bureau of Investigation (CBI), which will in turn obtain the information through Interpol, they said.

"As of now, the server attack is suspected to have originated from a location in China and a location in Hong Kong," an official source said.

According to a report by The Indian Express, the investigation into the cyberattack has found that the IP addresses of two emails, which were identified from the headers of files that were encrypted by the hackers, originated from Hong Kong and China’s Henan province.

The report further quoted sources saying that the senders used the email service Protonmail and that probe agencies have still not located the person, organisation and exact physical location linked to the cyberattack.

The investigation also revealed that the main server and applications responsible for OPD services were down as all the system files in the home directory were encrypted by changing their extension to .bak9 — a new file that encrypted the extension files of the system, the report added.

Multiple agencies, including the Indian Computer Emergency Response Team (CERT-In), are investigating the cyberattack that is feared to have compromised the records of nearly 3-4 crore patients, including high-profile political personalities.

The All India Institute of Medical Sciences, Delhi faced the cyberattack on November 23, which paralysed its servers. A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police on November 25. The internet services were blocked as per the recommendations of the investigating agencies.

The Computer Emergency Response Team (CERT-In), the Delhi cybercrime special cell, the Indian Cybercrime Coordination Centre, the Intelligence Bureau, the CBI and the National Investigation Agency, among others, are investigating the ransomware incident.

With the servers down, the hospital's outpatient and inpatient digital services, including smart lab, billing, report generation and the appointment system, were affected. Online services resumed partially from Tuesday, a hospital source said.