India Ransomware Report 2022

Context: India saw a 53 per cent increase in ransomware incidents in 2022 (year-over-year), according to the “India Ransomware Report 2022″ published by the CERT-In.

Major Findings of the Report

• Overall trend: Overall, there is 53% increase in Ransomware incidents reported in 2022 Year over Year.
• Critical infrastructure: Ransomware players targeted critical infrastructure organisations and disrupted critical services to pressurize and extract ransom payments.
• Sectors: IT (Information Technology) & ITeS (Information Technology enabled Services) was majorly impacted sector followed by Finance and Manufacturing.

• Variants: Variant wise, Lockbit was majorly seen variant in the Indian context followed by Makop and DJVU/Stop ransomware.
  • Many new variants were observed in 2022 such as Vice society, BlueSky etc. Leaked Ransomware source codes are getting forked to launch new Ransomware brands.
  • At large enterprise level, Lockbit, Hive and ALPHV/BlackCat, Black Basta variants became major threats.
  • Makop and Phobos Ransomware families mainly targeted medium and small organisations.
  • At individual level, Djvu/Stop variants continued dominance in attacks over the past few years.

• Vulnerabilities exposed: Most of the ransomware groups are exploiting known vulnerabilities for which patches are available.
  • Some of the product wise vulnerabilities being exploited are in tech companies like Microsoft, Citrix, Fortinet, SonicWall, Sophos, Zoho. and Palo Alto etc., said the report.
• Restoration time: On an average, the restoration time is about 10 days for infections in reasonably large infrastructure networks.
  • “For smaller networks/infrastructure, the restoration time is around 3 days and for individual systems it is 1 day,” the CERT-In report noted.
• Innovative Ransomware Tactics: Ransomware gangs are becoming innovative in their approach to improve attack operational efficiency.
  • Ransomware builders are focusing on speed and performance. Instead encrypting the entire file, a portion of the file is getting targeted for encryption to save time.
  • “Multithreading is getting leveraged for faster encryption and decryption of files,” the report mentioned.
  • Multithreading is a programming concept that allows a single program or process to perform multiple tasks concurrently or simultaneously.
• Recommendations by the report: As Ransomware incident is a business risk, organisations must prepare themselves to face this havoc in an efficient manner.

What is a Ransomware?

• Ransomware is a category of malware that gains access to systems and makes them unusable to its legitimate users, either by encrypting different files on targeted systems or locking the system’s screen unless a ransom is paid.
• Ransomware actors also threaten to sell or leak any exfiltrated data, if the ransom is not paid.
• Categories of ransomware: Although there are countless strains of ransomware, they mainly fall into two main categories.
  • Crypto Ransomware encrypts files on a computer so that they become unusable.
  • Locker Ransomware blocks standard computer functions from being accessed.

Ransomware Attacks: A Global Problem

• Ransomware is big business! In terms of both ransoms paid, spending and lost time in recovering from attacks, an estimated cost to the global economy is approximately $20 billion in 2021, a 57-fold increase from 2015.
• It’s estimated that 45 percent of ransomware attacks target healthcare organizations while 85 percent of malware infections at healthcare organizations are ransomware.

What is the Present Cyber Security Architecture in India?

• National Cyber Security Policy, 2013: It was the first comprehensive document brought out by government to create a secure and resilient cyberspace ecosystem and strengthen the regulatory framework.
  • It aims to protect information infrastructure in cyberspace, reduce vulnerabilities, build capabilities to prevent and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.
• National Cyber Security Strategy 2020: It was conceptualized by the National Security Council Secretariat to ensure a safe, secure, trusted, resilient and vibrant cyberspace for Nation’s prosperity.
  • Pillars of strategy are Secure (the National Cyberspace), Strengthen (Structures, People, Processes, Capabilities), and Synergise (Resources including Cooperation and Collaboration).
• Other initiatives to combat cyber-crime:
  • Indian Cyber Crime Coordination Centre (I4C): It was rolled out by Ministry of Home Affairs for the period 2018-2020 to combat cybercrime in the country, in a coordinated and effective manner.
  • Indian Computer Emergency Response Team (CERT-In): It serves as national agency for responding to cyber security incidents as per provisions of IT Act, 2000. It issues alerts and advisories regarding latest cyber threats/vulnerabilities and counter measures to protect computers and networks on regular basis.
  • Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre): It has been launched for detection of malicious programs and provide free tools to remove the same.
  • National Cyber Crime Reporting Portal: It caters to complaints pertaining to cybercrimes only with special focus on cybercrimes against women and children.
  • National Cyber Coordination Centre (NCCC): It is multi-stakeholder cybersecurity and e-surveillance agency, under CERT-In. It generates situational awareness of existing and potential cyber security threats and enable timely information sharing for proactive, preventive and protective actions by individual entities.
  • National Critical Information Infrastructure Protection Centre (NCIIPC): It is created under IT Act, 2000 (amended 2008) and designated as National Nodal Agency to facilitate safe, secure and resilient information infrastructure for critical sectors of the Nation.

Cybercrime

• It is defined as an unlawful act wherein the computer is tool or target or both. It is a criminal activity that uses computer as instrument for perpetuating crimes.

Cybercrime in India

• Information Technology Act, 2000 provides legal recognition for electronic communication, electronic commerce, and cybercrimes etc.

Stats IQ: Cybercrime in India

• As per NCRB data from “Crime in India, 2020”, Cybercrimes have increased four times or 306 percent in the past four years and rate of cybercrime (incidents per lakh population) increased in 2020.
• As per the “Crime in India, 2021” report, during 2021, 60.8% of cyber-crime cases registered were for the motive of fraud followed by sexual exploitation with 8.6% and Extortion with 5.4%.
• India is among the top five targets for cyberattacks in the Asia Pacific (APAC) region, particularly security breaches that involve cyber espionage, as per ‘Cyberthreats to Financial Organizations in 2022’ report.
• As per Norton Cyber Safety report 2021: 59% of adults in India have become victim of cybercrime.
• Global Cyber Security Index of ITU 2020: India scored 97.5 points to make it to the 10th position worldwide in the GCI 2020. This was an improvement from 47th rank in 2019.

Sharing is caring!