Mumbai: In a relief to Generali Central Life Insurance Company Limited, the Bombay High Court has granted ad-interim relief in its favour against a ransomware attack carried out by a hacker group identifying itself as “Medusa”.
Directive to Government Authorities
The court directed the Union of India through the Department of Telecommunications (DoT) and other authorities to immediately block and disable all accounts, domain names, and communication channels associated with the breach.
Court Observations on Data Risk
“The gravity of the consequences that may follow if the applicant’s confidential data is made public or traded is overwhelming. The balance of convenience is clearly in favour of the applicant for the grant of ad-interim relief,” Justice Arif Doctor said on October 16.
Generali’s Complaint and Ransom Threat
Generali had approached the high court seeking urgent relief against John Doe (unknown) defendant who claimed to have hacked the insurer’s confidential and customer data and demanded USD 5000,000 in ransom. The threat was posted on X (formerly Twitter), and warned that the data would be made available to anyone willing to pay, unless Generali paid a ransom.
Details of the Ransom Demand
Generali’s counsel Venkatesh Dhond submitted a screenshot of ransom demand by the hacker – (a) Add time 1 day - USD 10,000 (b) Delete all data - USD 500,000 (c) Download all data - USD 500,000.
Court Intervention and Representation
Shond urged the court to grant an urgent injunction against the John Doe defendant and restraining them from publishing, distributing, or selling any of its stolen confidential data.
Advocate Ashish Mehta, representing the Union of India, assured the Court that they will extend their fullest cooperation to Generali.
High Court’s Ruling and Directives
The court noted after considering the material submitted by Generali, a “strong prima facie case has been made out for the grant of ad-interim relief”. It restrained the hacker group Medusa and persons related to it from using, copying, publishing, distributing, transmitting, communicating or disclosing Generali’s confidential data, “by any medium whatsoever or on any platform whatsoever”.
Implementation Orders to DoT
It also directed the Union through DoT and related authorities to remove, delete, block, and disable any accounts, domain names, phone numbers, or email addresses linked to the stolen data.
Also Watch:
It has also asked the Center to act within 24 hours of intimation from Generali regarding further such stolen data and to disable any such new content or accounts misusing its data.
Further Compliance
The Center has been asked to file an affidavit stating steps taken to comply with these directives.
To get details on exclusive and budget-friendly property deals in Mumbai & surrounding regions, do visit: https://budgetproperties.in/
