As per Kaspersky, three groups of ransomware are most active in India.
New Delhi: Ransomware attacks have increased manifold during the last year and according to global cyber security group Kaspersky’s data, ransomware attacks across the globe has seen an increase of 60% in 2019 compared to 2018.
Municipalities have been the biggest targets for ransomware attacks in 2019, and Kaspersky data reveals that around 174 municipal institutions along with 3,000 of its subset organisations have been targeted by ransomware in 2019.
The ransomware demands from the attacked institutions or corporates range from $5,300,000 and $1,032,460 on average and researchers say that these figures do not accurately represent the final costs of an attack, as the long-term consequences are far more devastating.
One of the major ransomware attacks which was faced in 2019 was in Baltimore in the United States where officials encountered a ransomware called RobbinHood that encrypted a number of municipal computers, and completely paralysed some city services. The malware had disabled about 10,000 devices and extortionists demanded 13 bitcoins which cost about $114,000 to decrypt the computers.
India has not been far behind and during 2019, the Indian corporate sector faced a number of ransomware attacks. According to Kaspersky’s research group, three groups of ransomware—Ryuk, Purga and Stop—have been the most active and notorious ransomware active in India.
Among these three ransomware active in India, the Stop ransomware had caused about 10.10% of the total ransomware attacks in India, followed by Ryuk which was responsible for about 5.84% attacks and Purga was responsible for 0.80% ransomware attacks.
The mechanism behind how these ransomware operate is quite simple—they turn the files on victims’ computers into encrypted data and demand a ransom for the decryption keys. These keys are created by threat actors to decipher the files and transform them back into the original data. Without a key, it is impossible to operate the infected device. The malware may be distributed by the creators of the threat, sold to other actors or to the creators’ partner networks, “outsourced” distributors that share the profit from successful ransomware attacks with the technology holders.
However, according to Kaspersky researchers to avoid malware infestation and ransomware attacks It is essential to install all security updates as soon as they appear.
Most cyber attacks are possible by exploiting vulnerabilities that have already been reported and addressed, so installing the latest security updates lowers the chances of an attack. They also advice to protect remote access to corporate networks by VPN and use secure passwords for domain accounts and to have fresh back-up copies of all files so that one can replace them in case they are lost.