Ransomware is an act of crime punishable by law. Criminals hack into the computer systems or devices and lock out the user. Once the ransom is paid, the system or device is unlocked.
Ransomware threats have lately targeted companies such as Spicejet, Oil India, BSNL, Telangana Power Utilities, and others. Perpetrators are increasing their attacks on enterprises and consumer devices, finds a Microsoft study.
Ransomware is an act of crime punishable by law. Criminals hack into the computer systems or devices and lock out the user. Once the ransom is paid, the system or device is unlocked.
Microsoft Defender for Endpoint blocked more than 9.6 billion malware threats targeting enterprise and consumer customer devices, between January and December 2021, according to a Microsoft report, Cyber Signals January to December 2021.
In India, the most recent large-scale ransomware attack was the one against airlines about five days ago. Click here to read more about that.
There has been an increase in attacks and phishing campaigns, especially ransomware attacks, that target not just critical infrastructure providers or large enterprises but also small and medium businesses, due to the shift to a remote working environment, said Rama Vedashree, CEO Data Security Council of India (DSCI), at a recent roundtable conference on cyber security.
The report also states that contrary to popular belief that there is a single monolithic entity organising such ransomware attacks, in reality, it's quite the opposite.
“A type of ransomware can only become prolific when it gains access to credentials and the ability to spread. From there, even if it is a known strain, it can do a lot of damage,” the report stated. There is a cybercriminal economy where different criminals participate in a commoditised style of attacking. The aim is to generate maximum profit based on how each criminal exploits the information that they get access to. The higher the quality of information, the higher is the monetary reward.
Three Main Ways Of Ransomware Attacks
According to the report, cybercriminals used three primary entrance vectors to plug the ransomware into the systems of the victim.
All of these vectors can be mitigated with proper password protection, identity management, and software updates in addition to a comprehensive security and compliance toolset, noted the report.
A ransomware attack affects not only the company also but its customers. For example, in the Spicejet ransomware attacks, passengers had to face delays of several hours. In the attack on Oil India, the PSU received a ransom demand of $75,00,000 (over Rs 57 crore).
There are various such cases, but organisations can protect themselves from ransomware attacks. Here’s how.