Ransomware attacks targeting Indian businesses are on the rise, with more than 2.35 lakh such incidents detected in 2023 alone, according to the latest report released by global cybersecurity company Kaspersky.

The report states that a total of 235,472 ransomware incidents were detected by Kaspersky cybersecurity solutions for businesses in India in 2023.

Kaspersky experts urge organisations, regardless of shape and size, to beef up their IT security posture, as ransomware, especially the targeted type, continues to be a damaging menace for organisations in the country.

“The era of widespread mass attacks by encryptors on both individuals and businesses is gradually fading away. Instead, we are witnessing a shift towards organised groups that execute hacks involving data theft and encryption, commonly referred to as double extortion. The rationale behind this evolution lies in the perpetrators’ ability to operate with greater efficiency, thereby enabling them to demand significantly higher ransom sums,” says Fedor Sinitsyn, lead malware analyst at Kaspersky.

In 2023, India witnessed ransomware attacks against different organisations – a major healthcare institution, government departments, an Indian telecom company, as well as a power and utility company. In most cases, the malicious software took down the servers.

One instance involved cybercriminals demanding a ransom of Rs 1 crore for the return of the stolen data.

According to Kaspersky security experts, ransomware attacks have been causing waves globally and are becoming prevalent in India as well. For example, Fonix Ransomware targeted manufacturing, retail, agriculture, media and healthcare companies in India. This group ran the malware attack as a Ransomware-as-a-Service. LockBit is another ransomware that attacked major organisations in India by infecting Windows systems. In fact, it is the first ransomware to infect Apple systems as well.

“We predict that in 2024, ransomware attacks on big organisations will become even more prevalent. Threats like extortion, operation disruption, and data theft and leak will become more and more common. As a result, enterprises and organisations need to look into cybersecurity technologies that provide absolute anti-ransomware effectiveness in third-party exams. It’s time to take this ransomware menace seriously,” says Jaydeep Singh, general manager for South Asia at Kaspersky.

Kaspersky Endpoint Security for Business, Kaspersky Small Office Security and Kaspersky Standard demonstrated complete protection against ransomware in 10 different real-life attack scenarios during regular Advanced Threat Protection assessments held by AV-TEST.

To combat ransomware and assist those affected, Kaspersky, alongside Europol, the Dutch National Police, and others, is part of the No More Ransom initiative, launched in 2016. On the official website, participants provide decryption tools, guidelines, and instructions to report cybercrimes, irrespective of the location of the incident.

By the end of 2023, Kaspersky marked the seventh anniversary as a key contributor to the No More Ransom initiative. This period witnessed expanded access to Kaspersky’s free decryption tools, in line with its commitment to combating ransomware. These tools, targeting 39 ransomware families, have been integral in assisting nearly 2 million victims globally, as reported by Europol, underscoring the profound impact of the No More Ransom initiative supported by Kaspersky.

Tips proposed by experts to mitigate ransomware attacks

  • Do not expose remote desktop/management services (such as RDP, MSSQL, etc.) to public networks unless absolutely necessary and always use strong passwords, two-factor authentication and firewall rules for them.
  • Promptly install available patches for commercial VPN solutions providing access for remote employees and acting as gateways in your network.
  • Always keep software updated on all the devices you use to prevent ransomware from exploiting vulnerabilities.
  • Focus your defense strategy on detecting lateral movements and data exfiltration to the Internet. Pay special attention to the outgoing traffic to detect cybercriminals’ connections.
  • Back up data regularly with special attention to offline backup strategies. Make sure you can quickly access it in an emergency when needed.
  • Avoid downloading and installing pirated software or software from unknown sources.
  • Assess and audit your supply chain and managed services’ access to your environment.
  • Prepare an action plan for the reputational risk of data exposure in the unfortunate event of data theft.
  • To protect the corporate environment, educate your employees. Dedicated training courses can help.
  • Use the latest Threat Intelligence information to stay aware of actual TTPs used by threat actors.

About Jayanta Deka

Jayanta Deka is a Guwahati-based journalist with over a decade of experience in journalism. Tracking new media, technology, startups, human interest stories and politics interest him. Currently serving as the Editor at The News Mill, he can be reached through [email protected] or [email protected]