View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
July 25, 2022updated 05 Aug 2022 6:20am

BlackCat attacks SRM Technologies then taunts victim on LinkedIn

The Indian IT services provider appears to have had its systems breached after a successful phishing attack.

By Claudia Glover

Indian IT services provider SRM Technologies appears to have been hit with a ransomware attack by the BlackCat gang. The group says a successful phishing attack enabled it to gain access to SRM’s systems.

SRM Technologies ransomware
IT Services Provider SRM Technologies has apparently fallen victim to a ransomware attack (Photo by

It is not yet clear how much damage has been inflicted on the company’s system in the attack, which was revealed overnight.

SRM Technologies is an IT services provider based in India, with offices in the US and Japan. The company was founded in 1998 and works with customers in industries including automotive, industrial, retail and education on digital transformation and other IT projects.

Attacks on IT services providers can have wide-ranging consequences, as the businesses often have access to the systems of their clients, meaning a breach can be used as a springboard for a supply chain attack such as the SolarWinds breach.

Tech Monitor has contacted SRM Technologies for a response to the allegations.

SRM Technologies ransomware attack: how it happened

According to BlackCat, a fraudulent email was sent to four employees at SRM Technologies, including the head of cloud engineering Ramkumar Dilli. It warns of an ongoing cyberattack, stating that some of the company’s files had already been encrypted.

BlackCat’s victim blog on the dark web displays the phishing email and what purports to be Dilli’s response.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The email reads: “Important files on your network was ENCRYPTED and now they have “egdd8rl” extension. In order to recover your files you need to follow the instructions below.”

The rest of the email implores recipients to act quickly and includes a list of the data that has apparently been lost.

Dilli then appears to reply to the email, forwarding it to the IT department along with a message thanking them for their support and diligence.

Hours later the gang says it reached out to Dilli himself on LinkedIn, informing him that SRM Technologies had been the victim of a ransomware attack and that he was the source of the breach.

The dark web blog has also posted the name of the company, underneath which is the message, “You have been compromised. We have your data. Your servers are down. Thanks to Ramkumar Dilli for the opportunity.”

Malware researcher Dominic Alvieri posted the leak on Twitter along with screenshots of the dialogue between BlackCat and the head of cloud engineering. “The employee facilitated access with poor cybersecurity skills,” he says.

What is BlackCat?

BlackCat was spotted in November last year, and since then has racked up a long list of victims including, earlier this month, global gaming platform Roblox and gamer producer Bandai Namco.

Researchers including Cisco Talos have postulated that the gang may have members of notorious malware families BlackMatter and DarkSide.

It has been observed soliciting for affiliates in known cybercrime forums, offering to allow these hackers to leverage its malware and keep 80-90% of the ransom payment, according to a report by Unit42, the research arm of security company Palo Alto Networks.

Tech Monitor is hosting a roundtable in association with Intel vPro on how to integrate security into operations. For more information, visit

Read more: Ransomware groups are getting smaller and smarter

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.