The NHAI was set up in 1988 through an act of Parliament and is mandated to provide an organisation that would develop, maintain and manage national highways in India.
Though the roads under its purview constitute only 2% of the total in the country, they are the arterial roads for inter-state movement of passengers and goods and carry about 40% of traffic.
The national highways make up a total of about 132,499 kms of roads.
A screenshot of the data released on the Maze website on the dark web.
The notice gives the victims a contact email and also lists the amount that is being demanded to decrypt the data and also destroy what was stolen.
Maze is used widely by a variety of attack groups and was used to attack the global technology firm Pitney Bowes.
Other attacks of note have been on the Texas foundry group X-FAB, a Thailand power authority, the Belgian accounting firm HLB, the global defence group ST Engineering, the Sydney strata management company Strata Plus, well-known Indian sweets manufacturer Halidram's, and technology consulting company Cognizant.
Maze first exfiltrates data from a victim and then encrypts the data on-site. The ransom note is then generated on infected systems.
If the victim pays up, a decryption key is sent, the stolen data is deleted and the matter ends there. Most victims choose not to pay, and in such cases, the attackers then release a little of the data that has been exfiltrated.
More and more data is progressively released. Finally, if the victim shows no interest in paying, the data is also dumped on cybercrime forums on the dark web for use by anyone and for any purpose.
The NHAI cannot be contacted because it provides no email address on its site for this, or any other, purpose.