Ransomware: Nightmare for Global Stakeholders

Blogs & Articles

16 Dec 2022

Cybersecurity

Ransomware: Nightmare for Global Stakeholders

Ransomware attacks are showing no marks of slowing down and getting more sophisticated as another calendar year is about to close. As per Statista, there were a total of 236.1 million ransomware attacks worldwide during the first half of 2022. Ransomware has been a proven and efficacious business model for global adversaries.

Ransomware – A Silent Beast for All Business Verticals

Ransomware is no less than a plague for enterprises (of all sizes) across every sector, be it public or private. For instance, the Indian healthcare industry has faced 1.9 million cyber-attacks in 2022 till November only. Recently, the All India Institute of Medical Sciences (AIIMS) became the latest victim after it experienced a massive ransomware attack that badly affected patient care services for several days. This attack exposed nearly 40 million records of AIIMS patients, including privileged and VIP dignitaries. Hackers demanded around INR 200 crore in cryptocurrency as ransom.

In another security incident, Air Asia, one of the prominent players in the Aviation sector, suffered a huge data breach that resulted in the loss of personal information of over 5 million users, including customers’ and employees’ details. Furthermore, if we talk about the BFSI sector, it is also not untouched by the rising wave of ransomware. According to a recent Sophos report, ransomware attacks on financial services have increased to 55% in 2021, up from 34% in 2020. Ransomware is gradually holding a place in every boardroom discussion, increasing challenges for stakeholders to ensure business continuity and security.

Why Indian digital Space is Targeted by Global Threat Actors?

As compared to other countries in the APAC region, India has registered significant growth in terms of digitalization. In addition, a lot of organizations adopted an online business model post-COVID outbreak. Digital transactions also registered a mammoth growth since the pandemic. All this, coupled with a lack of cybersecurity awareness and measures has given threat actors a lot of opportunities to gain immense remunerations. As per an IBM report, India was the second most attacked country in 2020 after Japan in the Asia Pacific region and ransomware was the top attack that accounted for nearly 40% of total cyber-attacks.

If we list out a few major factors for growing cyber-attacks against the Indian economy, it must include:

  • Swift transition to cashless economy post demonetization
  • Usage of unlicensed software (aka cracked software)
  • Malicious mobile applications
  • Utilization of offshore servers

Different Ways of Delivering Ransomware

Cybercriminals are always in search of innovative ways to get unprecedented access to the victim’s computer. Although the process of deploying ransomware appears straightforward, threat groups use several tactics to evade security controls and install ransomware.

Have a look at different methods to distribute ransomware.

  • Phishing: A majority of ransomware variants are deployed using mass phishing email campaigns. Adversaries utilize legitimate-looking emails that contain malicious attachments or URLs to malicious web pages to trick people and trigger the download of ransomware.

  • Exploiting RDP: Remote Desktop Protocol (RDP) is a communication protocol that is used extensively for getting remote access to systems. It uses port 3389, which if gets exploited, can allow hackers to initiate massive ransomware attacks. Threat actors utilize port scanners to look for such vulnerable ports. Once identified, they apply brute-force techniques to get the login credentials and achieve their objective.

  • Unlicensed Software: A majority of users still use pirated software as they are easily available on several websites for free of cost. But they significantly increase the risk of cyber-attacks, especially ransomware attacks as such software do not receive official security updates and hence becomes highly vulnerable. Cybercriminals always look to leverage these cracked versions to inject malicious code and use them as droppers for payload.

  • Malicious Removable Media: It is one of the easiest ways to infect any computer, laptop, or any network asset. Adversaries wait for the user to connect infected devices like USB flash drives and memory sticks to their systems. Once connected, it could allow hackers to distribute ransomware within the system and even the entire organization.

  • Drive-by Downloads: Threat actors also try to leverage the popularity of popular and legitimate websites to distribute ransomware payloads. They redirect victims to such malicious websites or web pages that they control. There are so many exploit kits available, such as Spelevo and RIG that enables hackers to check devices for potential vulnerabilities and execute ransomware (once identified) without clicking anything.

Security Tips to Take Guard against Ransomware

Bytetra recommends following security practices for organizations to remain safe from the growing threat of ransomware attacks.

  • Follow Cyber Hygiene: We offer highly effective vulnerability assessment services to help enterprises assess their security posture, and identity and minimize their exposure to threats such as ransomware, data breaches, phishing, etc.

  • Use Powerful EDR Solution: We suggest organizations use an advanced Endpoint Detection and Response (EDR) solution as it has the capability of continuous detection and response against different malware; provides anti-ransomware capabilities; and discovers file-less and living off-the-land attacks. Additionally, it also offers threat intelligence–based detection.

  • Implement Next-Gen SIEM Solution: With the help of a next-generation SIEM solution, organizations can aggregate data from multiple sources like applications, servers, users, devices running on the cloud or on-premise, etc. Such a solution can reduce false positive alerts to a great extent, generate accurate alerts and prioritize escalations effectively. It has the ability to filter large chunks of events and utilize Machine Learning to determine any incongruities, which may be concealed within acceptable user behavior.

  • Security Awareness Training Sessions: In most cases, cybercriminals gain access to an organization’s network through the inadvertent engagements of employees. This includes falling prey to a phishing attack, clicking on malicious URLs, and downloading/opening malicious attachments. Bytetra strongly recommends organizations conduct cybersecurity awareness and training programs for all employees, partners, and stakeholders on a regular basis. Some basic preventive measures might include (but are not limited to):

    • Apply the habit of using strong passwords
    • Always verify senders before opening any suspicious email
    • Encourage the use of two-factor authentication
    • Always download security updates

© 2024 Bytetra, All rights reserved.