How India can fight ransomware attacks
- Malwarebytes reported 280 occurrences of cyberattacks in April 2022
- A ransomware attack is an effort by hackers to keep a system hostage
- The majority of ransomware perpetrators seek ransom through untraceable payment methods
SpiceJet flights came to a halt and hundreds of passengers were stranded at Indian airports last month. The company said that it had prevented a ransomware attack that had disrupted the airline's systems and caused numerous flights to be delayed for many hours. While the event resulted in strained passenger tempers and complicated logistics, it has shifted the focus to the threat of ransomware attacks, which garnered attention in 2017.
Malwarebytes, a developer of anti-malware software, has reported 280 occurrences of cyberattacks by recognised kinds of ransomware in April 2022.
According to a report by Verizon, ransomware attacks increased by 13% globally in 2021, including in India.
According to the "2022 Data Breach Investigations Report (DBIR)," last year saw more ransomware attacks than the prior four years combined. Verizon assessed 5,212 breaches and 23,896 cybersecurity events reported by 87 organisations for the purpose of the study.
A ransomware attack, as the term implies, is an effort by hackers to keep a system hostage.
Until the victim — generally a big organisation — pays a ransom, the attacker will restrict their access to the system. This is accomplished by gaining remote access to a system or by duping the target into downloading or clicking on a link sent through email, which encrypts and locks the user's data.
Highly advanced ransomware attacks, such as WannaCry, may spread across systems without the need for human involvement.
The report identifies four major methods a hacker may use to keep an organisation hostage: duplicating credentials, phishing, exploiting vulnerabilities, and deploying botnets. In 2021, duplicating credentials was the most common way of conducting a ransomware attack, accounting for almost 40% of all attacks.
The majority of ransomware perpetrators seek ransom through untraceable payment methods, such as cryptocurrency. The WannaCry attack, which lasted four days from May 12 to 15, 2017, compromised over 2 lakh systems in 150 countries, resulting in billions of dollars in commercial losses.
According to cybersecurity firm Quick Heal Technologies, WannaCry targeted around 48,000 systems in the attack, with the majority of instances occurring in West Bengal.
In August 2018, a version of WannaCry affected 10,000 computers at TSMC, prompting the business to shut down some of its chip-fabrication units temporarily.
The North Korean government was suspected of launching the WannaCry attacks, with the US Department of Justice arresting a hacker called Park Jin-hyok in 2019.
According to the Verizon report, awareness should be sufficient in most circumstances to mitigate the danger – 40% of ransomware occurrences utilised desktop sharing software, and 35% involved email attachments/links.
"If attackers have credentialed remote access, they can leverage that directly. Otherwise, they must make their own remote access by emailing either malicious links or attachments," the report states.
"Locking down your external-facing infrastructure, especially RDP (remote desktops) and emails, can go a long way toward protecting your organisation against ransomware," the report adds.
Malwarebytes published guidance on strategies to mitigate ransomware attacks, including: performing regular, offline, and password-protected backups of data; segmenting the network so that systems on a single network are not accessible from every other machine; regularly updating antivirus, operating systems, and other software; using multi-factor authentication when logging in; and adding an email banner to emails received from outside the organisation.
The greatest defence, according to Risk Recon, a Mastercard-owned third-party cyber risk management firm, is to raise awareness, whether at an individual or organisational level.
Because of pandemic-driven digitalisation, India has become an increasingly prime target for malicious attackers. At the end of the day, certain attacks will always get through, which is still a significant number considering the high volume of such threats that India confronts.
According to Gartner, a technical research and consulting group based in the United States, end-user expenditure on security and risk management in India is expected to reach 2.6 billion dollars in 2022, representing a 9.4% increase over 2021.
According to Gartner's report, the country has a serious shortage of competent cybersecurity specialists. As a result, end-user organisations in India frequently turn to security service providers to achieve their cybersecurity goals. Therefore, spending on security services is expected to reach $1 billion in 2022, the most among all categories. This will be followed by investments in network security and infrastructure protection.