Date: 2022-08-03

In a first-of-its-kind report, the Indian Computer Emergency Response Team (CERT-In) said that it has observed a 51 percent increase in ransomware incidents in the country in the first half of the business year (H1) in 2022.

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.

CERT-In attributed the rise in attacks in India to Djvu, a ‘high-risk’ virus that mainly targets citizens. The agency also said that Phobos, a ransomware which “strikes smaller companies and individuals that have less capacity to pay relative to larger businesses”, played a role in the increase.

It also attributed the increase to Hive, a year-old ransomware which has grown into one of the most prevalent ransomware payloads in the ransomware-as-a-service (RaaS) ecosystem, according to Microsoft.

Ransomware as a service (RaaS) is a subscription-based model that enables affiliates to use already-developed ransomware tools to execute ransomware attacks, said Upguard, a cybersecurity company.

In the report, CERT-In said, “Ransomware-As-A-Service (RAAS) ecosystem is evolving with sophisticated double and triple extortion tactics and a wide range of ransomware campaigns through affiliates.”

“This is leading to higher probability of monetization and further rise in attack campaigns. Post covid accelerated digitalisation and hybrid work culture are also aiding this threat emergence,” it added.

The information technology sector was the most affected when it comes to these attacks, CERT-In said, followed by manufacturing and finance.

Modus Operandi

The agency noted that ransomware gangs were focusing on exploiting known, unpatched vulnerabilities in public-facing applications to gain entry into the network.

“Compromised credentials of remote access services (VPN/ RDP) are being used by threat actors to gain entry into the network,” it said.

Apart from that, CERT-In said phishing campaigns are another major source of ransomware infections.

Zerofox describes a phishing campaign as a scam created by cybercriminals to steal financial resources or sensitive data from victims using manipulative emails or other fraudulent digital assets.

Trends

The Indian Computer Emergency Response Team said:

Threat actors were leveraging tools that are already available in the cyber environment rather than making custom tools and malware.

In this way, they were able to bypass many security controls.

Threat actors are also able to execute scripts that reboot the victim’s machine into ‘safe mode’, and thus bypass security solutions.

Aihik Sur covers tech policy, drones, space tech among other beats at Moneycontrol

In terms of mitigation, the agency recommended that victims immediately disconnect and isolate infected systems from the network. It also recommended turning off any wireless internet connectivity and isolating all system backups.