Context: The Computer Emergency Response Team of India (CERT-In) has reported that ransomware attacks are not only motivated by money but also by geopolitical conflicts.

What is Ransomware?

• Ransomware is a type of malicious software or malware that is designed to block access to a computer system, network, or data until a ransom is paid. E.g., WannaCry (2017), Petya/NotPetya (2017); GandCrab (2018).

Key highlights of the report

• India saw a 53 per cent increase in ransomware incidents in 2022 (year-over-year) and IT and ITeS was the majorly impacted sector followed by finance and manufacturing.

• Ransomware players targeted critical infrastructure organisations and disrupted critical services in order to pressurise and extract ransom payments in 2022.

• Variant wise, Lockbit was a majorly seen variant in the Indian context followed by Makop and DJVU/Stop ransomware. 

• Many new variants were observed in 2022 such as Vice society, BlueSky etc. 

• In 2022, a massive ransomware attack disrupted the systems at the All India Institute of Medical Science (AIIMS), crippling its centralised records and other hospital services.

• According to the CERT-In report, at the large enterprise level, Lockbit, Hive and ALPHV/BlackCat, Black Basta variants became major threats, whereas Conti, which was very active in the year 2021, became extinct in the first half of the year 2022.

• Makop and Phobos ransomware families mainly targeted medium and small organisations. 

• At individual level, Djvu/Stop variants continued dominance in attacks over the past few years.

• Most of the ransomware groups are exploiting known vulnerabilities for which patches are available.

• Some of the product wise vulnerabilities being exploited are in tech companies like Microsoft, Citrix, Fortinet, SonicWall, Sophos, Zoho. and Palo Alto etc.

• Ransomware gangs are commonly using Microsoft Sysinternals utilities such as PsExec for lateral movements.

• On an average, the restoration time is about 10 days for infections in reasonably large infrastructure networks.

Various initiatives for cybersecurity

Global

• Budapest Convention on Cybercrime (2004, the first international treaty that seeks to address Internet and cybercrime by harmonizing national laws)—India is not a signatory.

India

• Policies: National Cyber Security Policy 2013; National Cyber Security Strategy 2020

• Schemes: Cyber Surakshit Bharat Yojana (2018, MeITY+ NeGD+ Industry)—to create awareness programs on cyber security; Cyber Swachhta Kendra (free Botnet Cleaning and Malware Analysis tools)

• Institutions: Indian Cyber Crime Coordination Centre(I4C) (est. in 2018; under Home Ministry)—to combat cybercrime in India in a comprehensive and coordinated manner; National Critical Information Infrastructure Protection Centre (NCIIPC); National Cyber Coordination Centre (NCCC) (under CERT-In).

Conclude

• Continuous efforts are needed to Secure (National Cyberspace), Strengthen (Structures, People, Processes, and Capabilities), and Synergise (Resources including Cooperation and Collaboration) in the field of cyberspace in India.

About CERT-IN

• The Indian Computer Emergency Response Team (est. 2004; HQ: New Delhi) is an office within the Ministry of Electronics and Information Technology. 

• It is the nodal agency to deal with cyber security threats like hacking and phishing. 

• It strengthens the security-related defence of the Indian Internet domain.