According to media reports this week, the Kerala Forest Department fell victim to ransomware attacks in March, with crucial accounts and financial data compromised. The department reportedly had no choice but to forfeit its encrypted files. It is not an isolated incident. In fact, we found that ransomware detections in India skyrocketed by a factor of more than 200 earlier this year. If state organizations that can command significant resources cannot fend off the threat, India's 40 million small and midsized businesses should be concerned. A new strategy is needed.
Ransomware is a type of malware that renders the victim's computer or specific files unusable, and demands a ransom from the victim to restore the computer or decrypt the encrypted files.
Bitcoin is the preferred method of payment. The targeted systems usually contain essential and highly sensitive information from a wide range of data-centric businesses and verticals. Unlike cyber espionage attacks commonly conducted by nation states, ransomware's impact is immediate.
The ransomware threat extends far beyond the victim's computer. Some ransomware can travel from one infected system to a connected file server or other network hub, and then infect that system, effectively taking an entire organization offline. Imagine all the files in your workplace becoming inaccessible. In other instances, attackers steal a significant amount of confidential information, share proof they have the files, and threaten to release the files publicly unless the organization pays them a large sum, which is sometimes in the millions of dollars.
This scourge is not going away any time soon—it is simply too profitable. Ransomware commands large profit margins and produces immediate income. We observed one ransomware family generate illegal gains of US$1 million over a six-month period in 2015. The success of prolific ransomware families has provided a blueprint for aspiring ransomware developers, showcasing increasing profit margins and campaign sustainability.
Low awareness of this attack type, combined with the sophisticated tools available to even novice attackers, makes for a potent combination in India, where the threat has grown multiple times in just a few months.
Indian organizations must wake up to the reality that this quest for easy money is leading threat actors to their doorstep, understand that prevention is the best defense, and rise to meet the threat. To reduce the chance of a ransomware attack succeeding, organizations need visibility into their internal system security levels and a strong understanding of the attackers' tools, tactics and procedures. The first line of defense is email security that blocks ransomware distributed through email attachments and embedded malicious links. In addition, network security solutions can identify an attack in progress and block further damage. A combination of technology and robust threat intelligence would help fortify and defend organizations against the increasingly sophisticated persistent cyber attacks we are seeing today.
Today, it is far too easy to disrupt the operations of an Indian company. No organization wants to be blackmailed into giving criminals money and to lose its reputation over such attacks. A sound security strategy that recognizes shifts in the threat landscape can help mitigate these issues.