MUMBAI: Hackers seized control of computers at three banks and a pharmaceutical company about a week ago, then demanded a ransom in bitcoins for the decryption keys to unfreeze them.The attackers accessed the system by compromising IT administrators’ computers, people aware of the matter said. In all four cases, the hackers are said to have used the Lechiffre ransomware. Having encrypted all files, the hackers demanded one bitcoin each (about Rs 30,000 at current prices) per computer for a total running into millions of dollars. This is the first known instance of a hacker seeking ransom payments from Indian victims in bitcoins, a digital currency that’s gaining acceptance worldwide.Some extortion money is said to have been paid to free up computers belonging to top executives. ET couldn’t confirm the names of the banks and the pharmaceutical company or the total number of computers that were compromised.“In the last two weeks, many Indian companies including some banks and pharma companies were targeted by hackers,” said Mukul Shrivastava, partner for fraud investigation and dispute services at EY . “In some cases, the companies also paid the extortion money for about 15 computers so that at least the top executives could use their computers.” The frequency and ferocity of cyberattacks on Indian companies will intensify as economic progress attracts more such predators, experts said. In none of the cases cited above was the police approached. Indian companies tend to be secretive about such attacks, experts said.In all the instances, the infection began when an email disguised as a communication from senior management was opened. Once the IT administrator’s computer was seized, the malware found its way to the other computers. Experts said the ransomware is hard to detect. “Lechiffre encrypts data on computers and servers in the background using 256-bit public-key cryptography where the private key for decryption is only known to the hacker,” said Amit Jaju, executive director, cyber forensics, data analytics, EY. The hackers “left a ransom notification and contact details on each computer in a text file.”Experts said the decryption key might also have malware that will allow hackers access in the future. In May last year, two Indian conglomerates had to pay about $5 million each after hackers breached their systems. The hackers, suspected to be operating from the Middle East, threatened to leak information to the Indian government if the ransom wasn’t delivered. Both are said to have paid up.