Bengaluru Firm Reports Data Loss After Ransomware Attack During Server Migration

By Ash K

Overview

On November 21, 2025, Bengaluru-based private firm Enan Tech Pvt Ltd became the victim of a ransomware attack. The breach resulted in critical company data being encrypted and rendered inaccessible. The disruption was discovered when employees attempting to access files and servers found them locked. The firm subsequently lodged a complaint, and the local cybercrime police registered an FIR on November 26, 2025. As of now, the full extent of data loss and which systems were impacted remain under investigation.

How the Incident Unfolded

The attack reportedly occurred during a server migration - a period when the company was moving or upgrading its infrastructure. That window appears to have been exploited by attackers to deploy ransomware. Once executed, the ransomware encrypted data on the company’s servers, blocking access to files and applications. The first sign of trouble emerged when employees found that key systems were unresponsive and many files showed as encrypted. This triggered internal escalation and ultimately the decision to file a police complaint.

Impact and Exposure

With servers encrypted, Enan Tech’s core operations - including project data, internal documentation, and potentially client data - were disrupted. The inability to access this data would stall project delivery, hamper internal operations and likely impact any ongoing commitments to clients. There is also a serious risk of reputational damage, particularly if sensitive data - such as client or employee information - was affected or exfiltrated prior to encryption. For a firm in the IT services space, such disruption can undermine client trust and jeopardize future business.

Response and Investigation

Shortly after discovery, Enan Tech filed a formal complaint with the local cybercrime police. The FIR registered on November 26 marks the start of the formal investigation. Authorities are expected to examine server logs, attempt to trace the intrusion vector and identify the attackers. Simultaneously, the company is likely collaborating with cybersecurity experts to assess whether backups exist, whether data can be restored, and whether there was any data exfiltration before encryption. As of now, there has been no public disclosure about payment of any ransom or successful data recovery.

Wider Industry Implications

This incident highlights how even routine operations like server migration can open a high-risk window if proper security precautions are not maintained. It shows that small- and mid-sized firms are increasingly being targeted - not just large enterprises. In a landscape marked by frequent ransomware attacks, such breaches serve as a warning for organizations across India and beyond. The event underscores the need for robust cybersecurity hygiene, especially when performing infrastructure changes, and the necessity for constant vigilance irrespective of the size of the firm.

Guidance for Security Teams

When planning server migrations or infrastructure changes, organisations should treat them as high-risk operations from a cybersecurity standpoint. Recommended measures include maintaining offline immutable backups, validating backups before migration, limiting administrative privileges, enforcing strict access controls, applying all security patches before migration, monitoring network and file activity during and after migration, and conducting risk assessments prior to the migration. It is also critical to have a well-defined incident response and recovery plan - including fallback strategies and communication frameworks in the event of ransomware or other cyber-threats.

Ash K
Ashton is a seasoned Cybersecurity Professional with over 25 years of experience in Cybersecurity Research, Cybersecurity Incident response, Products and Security Solutions architecture.