The most common ransomware currently affecting Indian companies is DJVU or STOP ransomware, said Deepak Kumar, a senior cyber intelligence professional at the home ministry's Indian Cyber Crime Coordination Centre.
During a recent online discussion to raise awareness of cybersecurity trends, Kumar said, "In India, maximum companies are getting attacked by DJVU/Stop ransomware. We have seen various cases of DJVU including its variants. It is very common."
DJVU ransomware is a widespread file-encrypting virus that uses a cryptographic algorithm to lock the victim's data on a computer or a whole server.
According to BlackBerry, DJVU masquerades as legitimate services or applications to fool victims. The ransomware also partners with other threat groups to give them the option to steal data at the victim's expense.
In 2022, the Indian Computer Emergency Response Team (CERT-In) said it observed a 51 percent increase in ransomware incidents in the country in the first half of the business year.
CERT-In attributed the rise in attacks to DJVU ransomware along with Phobos, a ransomware which “strikes smaller companies and individuals that have less capacity to pay relative to larger businesses”.
In November 2022, the country's premier health institute All India Institute of Medical Sciences, Delhi, faced a ransomware attack, paralysing its servers. A case of extortion and cyberterrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police on November 25.
Modus operandi
During the online discussion, Kumar said, "Any individual or organisation can get targeted. The method is very clear — first, scanning for vulnerabilities; find vulnerabilities; access data and so on."
Earlier, CERT-In had said that ransomware gangs were focusing on exploiting known unpatched vulnerabilities in public-facing applications to gain entry into the network.
“Compromised credentials of remote access services (VPN/RDP) are being used by threat actors to gain entry into the network,” it said.
Inside jobs
Contrary to the belief that the majority of cyber attacks happen due to external factors, Kumar said that many of them were insider jobs.
"Through various cyber crime investigations, we have realised that maximum crimes happen because of insider jobs. It could be a document on your desk, which someone could copy it, take an image of it and take it through WhatsApp and so on," he said.
