Ransomware Attacks in India

 RANSOMWARE        

-BY MARIYAM CHOWDHARY

Ransom malware, or ransomware, is a form of malware that halts the users from accessing their system or personal files and demands ransom payment in order to regain access tio their system. The earliest form of ransomware were developed in the late 1980s, and payment was to be sent via snail mail. Today, ransomware authors order that payment be sent via cryptocurrency or credit card.

Types of ransomware

There are three main types of ransomware, ranging in severity from mildly off-putting to Cuban Missile Crisis dangerous. They are as follows:

1.    Scareware

It includes rogue security software and tech support scams. You might receive a pop-up message claiming that malware was discovered and the only way to get rid of it is to pay up. If you do nothing, you’ll likely continue to be bombarded with pop-ups, but your files are essentially safe.

2.    Screen lockers

Screen locker ransomware is a form of malware that restricts login or file access while demanding payment to lift the restriction. It’s typically deployed at the operating system (OS) level, meaning you won’t be able to use an infected computer or device.

3.    Encrypting ransomware

These are the cybercriminals who snatch up your files and encrypt them, demanding payment in order to decrypt and redeliver. The reason why this type of ransomware is so dangerous is because once cybercriminals get ahold of your files, no security software or system restore can return them to you. Unless you pay the ransom—for the most part, they’re gone. And even if you do pay up, there’s no guarantee the cybercriminals will give you those files back.

India is 5th largest target for Ransomware in the world

The problem of ransomware entered India several months back, and if reports are to be believed, India is already the 5th-most attacked country in the world and the 3rd-most attacked in Asia.

“Ransomware attacks are high in India and it is one the top five countries that has most infections,” says Vitaly Kamluk, Head of APAC Global Research and Analysis Team, Kaspersky Lab.

FireEye, another US-based security firm observed that ransomware detections in India rocketed by a factor of 292 in February 2016 over November 2015.

Most of the ransomware attacks in India are crypto-ransomware. This is an attack where all the data of connected devices are encrypted so that the user cannot use them until they pay up money as directed by the cyber attackers.

In India, over 11,000 users were attacked by TeslaCrypt ransomware during the period of March-May 2016 and ranked 1st in the list of countries attacked by it in that period. TeslaCrypt has now been shut down, and its master decryptor key released on the Internet for all. During the same period, around 600 users were attacked by Locky ransomware and ranked 4th in the list of countries attacked by this ransomware during that time. Android ransomware named Lockdroid is also making its presence felt in the Android OS smartphone segment. Samas too has hit India.

State-wise, Karnataka  tops the list of ransomware infections, and the other percentages are as follows:

1. Karnataka – 36.58 %
2. Tamil Nadu – 16.72 %
3. Maharashtra – 10.86 %
4. Delhi – 10.00 %
5. West Bengal -6.70 %
6. Uttar Pradesh – 5.33 %
7. Telangana – 4.54 %
8. Kerala – 3.87 %
9. Gujarat – 2.35 %
10. Haryana – 1.96 %

Microsoft recently published a data mentioning how many machines (users) were affected by ransomware attacks across the world. It was found that the United States was on the top of ransomware attacks; followed by Italy and Canada. In this list, India stood at number 16.

According to statistics released by Symantec, the main targets other than the India government servers are entities based on Internet of Things and the ones using Android smartphones. Along with Lockdroid, FLocker, mobile lock-screen ransomware is also threatening Android-powered Smart TVs, says Trend Micro. Wearables could well be the next category to be targetted.

The Internet population in India as of June 2016 end, is around 462 million people. With such a large user base that does not even take Online Privacy, let alone Ransomware seriously, it is all gold for the cyber-criminal.

Top 6 Ransomware Attacks in India

According to the cyber security survey report, 67% of Indian enterprises have been hit by ransomware in 2018. What’s more worrisome is that India is among the highest ransomware infected countries in the world. Here is the list of the latest ransomware attacks in India that happened in years:

• Telangana and AP Power Utilities Hacked

A malicious software attacked the power utility systems of  Telangana and Andhra Pradesh last year where all the servers went down until the glitch was rectified. Since the computer systems of Telangana and Andhra Pradesh power utilities were interlinked, the virus attack quickly spread, taking down all the system.

• UHBVN Ransomware Attack

Uttar Haryana Bijli Vitran Nigam was hit by a ransomware attack where the hackers gained access to the computer systems of the power company and stole the billing data of customers. The attackers demanded Rs.1 crore or $10 million in return for giving back the data.

• WannaCry

India was the third worst-hit nation by WannaCry ransomware, affecting more than 2 lakh computer systems. During the first wave of attack, this ransomware attack had hit banks in India including few enterprises in Tamil Nadu and Gujarat. The ransomware majorly affected the US healthcare system and a well-known French car manufacturing firm.

• Mirai Botnet Malware Attack

This botnet malware took over the internet, targeting home routers and IoT devices. This malware affected 2.5 million IoT devices including a large number of computer systems in India. This self-propagating malware was capable of using exploitable unpatched vulnerabilities to access networks and systems.

• Petya

India was one of the top 10 countries to be hit by Petya ransomware. This ransomware attack halted work at one of the terminals of India’s largest seaport causing computer lockdown and serious consequences for the country’s exports.

• BSNL Malware Attack

The state-owned telecom operator BSNL was hit by a major malware attack, impacting nearly 2000 broadband modems! 60,000 modems became dysfunctional after the malware attack hit the Telecom Circle.

How To Avoid & Prevent Ransomware

Ransomware is particularly insidious. Although ransomware often travels through email, it has also been known to take advantage of backdoors or vulnerabilities.

Here are some ways you can avoid falling victim and be locked out of your own data.

1. Backup Your Systems, Locally & In The Cloud

The first step to take is to always backup your system. Locally, and offsite.

This is essential. First, it will keep your information backed up in a safe area that hackers cannot easily access. Secondly, it will make it easier for you to wipe your old system and repair with backup files in case of an attack.

Failure to back up your system can cause irreparable damage.

2. Early Threat Detection Systems

You can install ransomware protection software that will help identify potential attacks. Early unified threat management programs can find intrusions as they happen and prevent them. These programs often offer gateway antivirus software as well.

Use a traditional firewall that will block unauthorized access to your computer or network. Couple this with a program that filters web content specifically focused on sites that may introduce malware. Also, use email security best practices and spam filtering to keep unwanted attachments from showing up in your email inbox.

Make sure to download and install any software updates or patches for systems you use. These updates improve how well your computers work, and they also repair vulnerable spots in security. This can help you keep out attackers who might want to exploit software vulnerabilities.

3. Install Anti Malware / Ransomware Software

Don’t assume you have the latest antivirus to protect against ransomware. Your security software should consist of antivirus, anti-malware, and anti ransomware protection.

It is also crucial to regularly update your virus definitions.

4. Run Frequent Scheduled Security Scans

All the security software on your system does no good if you aren’t running scans on your computers and mobile devices regularly.

These scans are your second layer of defense in the security software. They detect threats that your real-time checker may not be able to find.

5. Enforce Strong Password Security

Utilize a password management strategy that incorporates an enterprise password manager and best practices of password security.

According to background check service Instant Checkmate, 3 out of 4 people use the same password for multiple sites . More staggering is that one-third use a significantly weak password (like abc1234 or 123456. Use multiple strong passwords, especially for sensitive information.

6. Think Before Clicking

If you receive an email with the attachments .exe, .vbs, or .scr, even from a “trusted” source, don’t open.

These are executable files that are most likely not from the source you think it’s from. Chances are the executables are ransomware or a virus.

7. Block Unknown Email Addresses and Attachments On Your Mail Server

Start filtering out and rejecting incoming mail with executable attachments. Also, set up your mail server to reject addresses of known spammers and malware. Icann has listings of free or low-cost services which can help you do that.

If you don’t have a mail server in-house, be sure that your security services can at least filter incoming mail.

8. Add Virus Control At The Email Server Level

Most attacks start with a suspicious email that a victim is fooled into opening. After opening it or clicking on a link, the virus is unleashed and can do its dirty work.

Installing anti-virus and malware software on your email server can act as a safeguard.

9. Block Vulnerable Plug-Ins

There are many types of web plug-ins that hackers use to infect your computers. Two of the most common are Java and Flash. These programs are standard on a lot of sites and may be easy to attack. As a result, it is important to update them regularly to ensure they don’t get infected by viruses.

You may even want to go the extra step of completely blocking these programs.

10. Limit Internet Connectivity

If you have genuinely critical data, your next step may be keeping your network private and away from the Internet entirely.

After all, if you don’t bring anything into your network, your computers are unlikely to have ransomware downloaded to them. This may be impractical seeing that many companies rely on the Internet and email to do their business, but keeping Internet access away from critical servers may be a way to combat ransomware and viruses.

REFERENCES.

https://phoenixnap.com/blog/preventing-detecting-ransomware-attacks

https://www.malwarebytes.com/ransomware/

https://www.kratikal.com/blog/the-6-biggest-ransomware-attacks-that-happened-in-india/