Recent News related to ransomware attack
On December 20, IT services provider HCL Technologies shared in its quarterly report that it was hit by a ransomware incident within a restricted cloud environment.
What is a ransomware attack?
Ransomware is a type of malware that hijacks computer data and then demands a ransom (i.e. a payment, usually in bitcoins) in order to restore the lost data.
Why are ransomware attacks a matter of concern?
A 2023 study conducted by Sophos, a cybersecurity company, showed that 73% of organisations have reported being victims of ransomware attacks. This figure has gone up from 57% the previous year (2022).
Of these, 77% of organisations reported that attackers succeeded in encrypting data, with 44% paying the ransom to retrieve their data, a significant drop from 78% the previous year.
However, despite paying the ransom, these companies doubled their cost of recovery for the data held hostage by threat actors compared to organisations that did not pay the ransom and relied on backups.
Additionally, according to the India Ransomware Report released by India’s Computer Emergency Response Team (CERT-In), a 51% increase in ransomware incidents was reported in H1 2022, with a majority of these attacks targeting data centres and the IT and ITeS sectors in the country.
Why are IT organisations more prone to ransomware attacks?
The simple answer is that they hold valuable data. Threat actors tend to focus their attacks on organisations that hold valuable data. The more value the data has to the organisation and its stakeholders, the higher the chances that the ransom will be paid.
IT organisations and software vendors hold a lot of valuable information and data, including sensitive information like intellectual property and other information about the firm as well as its clients.
IT organisations are responsible for providing cloud security and data solutions, and they also act as large storehouses of data for their clients. Successful attacks on them could potentially open a channel to target supply chains, adding pressure on companies to pay the ransom.
Possible goals of threat actors
- Attacking the reputation of the victim company (the attack could be motivated by competition)
- Devaluing the company’s assets and worth. A possible manifestation of an attack is reduced share value and share market performance.
- Monetary goals – the attack could be made purely for financial gain
- The larger goal of attacking supply chains
What kind of data is held by IT organisations?
Data held by IT organisations could include:
- Personally identifiable data of users such as phone numbers, addresses, emails and sometimes also biometric details
- Intellectual property
- Credentials
- Financial information that includes payment information as well.
This data can be leveraged to launch further attacks.
Which other Indian organisations faced ransomware attacks?
In August this year, the government’s Computer Emergency Response Team (CERT-In) issued a warning about the Akira ransomware, which has emerged as a significant cybersecurity threat, targeting both Windows and Linux devices.
In another instance, LockBit ransomware was found to be targeting Mac devices.
Earlier this year, in November, a U.S.-based subsidiary of Infosys was reportedly targeted by a ransomware attack. At the time, Infosys McCamish Systems faced an incident involving a ransomware variant.
In March, Indian drug manufacturer Sun Pharma was hit by a cyberattack.
In November 2022, a ransomware attack crippled the All India Institute of Medical Sciences (AIIMS) for days. Hackers reportedly demanded 200 crores in cryptocurrency from the hospital.
Other cybersecurity threats
- Malicious software (malware) attack – Malware is any program or code that is created with the intent to do harm to a computer, network or server. A ransomware attack is a type of malware attack.
- Phishing – It is a type of cyberattack that uses email, SMS, phone, social media, and social engineering techniques to entice a victim to share sensitive information such as passwords or account numbers, or to download a malicious file that will install viruses on their computer or phone.
- Spoofing – It is a technique in which a cybercriminal disguises himself as a known or trusted source. In this way the cybercriminal is able not only to engage with the target but also to access their systems or devices. He is then able to steal information, extort money or install malware or other harmful software on the device.
Continuous efforts are needed to Secure (National Cyberspace), Strengthen (Structures, People, Processes, and Capabilities), and Synergise (Resources including Cooperation and Collaboration) in the field of cyberspace in India.