By Sanjay Kaushik: Every individual, business, corporation, institution, and government is today under the threat of cyber attacks. The ever-growing use of technology, and its evolution, creates space for cyber crime. Such crimes have overtaken all other crimes in both rate of growth and value of loss. It is the most dangerous form of attack today: criminals capitalise on vulnerable security systems for their own gain while the victim has no idea it is happening.
It can strike you anywhere and at any time. From an individual to a government organisation, all are under attack, and hence every attack needs to be dealt with as an attack on the nation. Every attack is a wake-up call for the nation.
Cyber attacks such as phishing and ransomware have seen rampant growth in the last two years, as cyber criminals have found major opportunities. AIIMS, Delhi faced a major ransomware attack with a demand of approx. Rs 200 crore in cryptocurrencies, and the fiasco continues.
It is presumed that the data of millions of patients might have been compromised, and operations at AIIMS remain affected. With the AIIMS servers already hacked, the attackers intensified their attacks on the websites of other health and research organisations and tried to hack the Indian Council of Medical Research's (ICMR) website more than 6000 times in a span of 24 hours, but were not successful.
Ransomware attacks are among the biggest cyber threats in the VUCA world. Ransomware is similar to kidnapping. In earlier days, it was a person who was kidnapped and a ransom was demanded. In the current cyber world, it is data that is encrypted (kidnapped), and a ransom is demanded to decrypt it. Paying the ransom may guarantee the return of a kidnapped person, but the cyber world is more dangerous: one might get the decryption key after paying the ransom, yet the attacker might decide to sell the data on the dark web a few months later.
As per the CERT-IN report, there was an approx. 51% rise in ransomware attacks in the first 6 months of 2022 compared to the previous year, and the number is ever-increasing.
Some of the recent known ransomware attacks in India targeted AIIMS, SpiceJet, Oil India, Jawaharlal Nehru Port Trust, Tech Mahindra, Haldiram's, and the Andhra Pradesh and Telangana power utilities. The WannaCry and Petya ransomware infected 40,000 computers across India. These are the very few that are known to everyone, as many go unreported.
We had a couple of companies that approached us recently; both were planning their IPOs and were under ransomware attack. In one of the cases, all the servers were encrypted and the entire operation was severely impacted. They hired us to help them get out of this entire incident. It took a couple of days, and they were even required to bring the insurance company into play to get the issue resolved.
In the other case, it was not that bad; however, the situation was similar, as they were also nearing listing, and if this news had come out it could have been a very big challenge. We have a cyber forensic lab and experts in cyber security who helped them deal with the attack.
In one of the incidents known to us, the company was forced to pay money in cryptocurrency, as all its manufacturing units came to a halt due to the attack.
Do's and don'ts for a ransomware attack
• Disconnect the affected machine from the network.
• Stop all external command and control traffic and make sure any remote access (SMB/RDP) is blocked.
• Change all credentials (if possible).
• Review logs and check for any lateral movement.
• Keep a backup of event logs in offline mode (it is always good to have a secure backup).
• Share the ransom note (screenshot) or a sample encrypted file with an expert/consultant.
• Do not shut down or restart the affected device.
• Do not run antivirus scans before taking a snapshot of the memory dump (but, if possible, update all virus/malware signatures).
• Do not keep backup or offline drives connected to the affected machine/server.
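Two items in the checklist above, preserving the event logs offline and reviewing them for lateral movement, can be started with a small triage script. The following is an added example, not code from the article or from Netrika; it assumes the logon events have already been exported from the Windows Security log into one JSON record per line with the fields shown (a simplified shape, not the native EVTX format), and the records it runs on are constructed for illustration. It goes slightly beyond the checklist by treating SMB (logon type 3) and RDP (logon type 10) logons together and flagging any account that reaches several hosts from one source within a short window.

```python
"""Triage helpers for the checklist above: take a hash-verified offline copy of the
logs first, then look for lateral movement in the logon records.
Added illustration only; the records below are constructed, not real incident data."""
import hashlib
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records shaped after Windows Security Event ID 4624 (successful logon).
# LogonType 3 = network logon (SMB shares), 10 = RemoteInteractive (RDP),
# 2 = interactive logon at the console. 4625 is a failed logon and is ignored here.
SAMPLE_RECORDS = [
    {"time": "2022-11-23T10:00:12", "event_id": 4624, "account": "svc_backup",
     "logon_type": 3, "source_ip": "10.0.0.5", "target_host": "SRV-FILE01"},
    {"time": "2022-11-23T10:04:40", "event_id": 4624, "account": "svc_backup",
     "logon_type": 3, "source_ip": "10.0.0.5", "target_host": "SRV-DB01"},
    {"time": "2022-11-23T10:09:03", "event_id": 4624, "account": "svc_backup",
     "logon_type": 10, "source_ip": "10.0.0.5", "target_host": "SRV-APP02"},
    {"time": "2022-11-23T10:30:00", "event_id": 4624, "account": "alice",
     "logon_type": 2, "source_ip": "127.0.0.1", "target_host": "WS-ALICE"},
    {"time": "2022-11-23T11:00:00", "event_id": 4624, "account": "bob",
     "logon_type": 3, "source_ip": "10.0.0.40", "target_host": "SRV-FILE01"},
    {"time": "2022-11-23T11:02:00", "event_id": 4625, "account": "bob",
     "logon_type": 3, "source_ip": "10.0.0.40", "target_host": "SRV-DB01"},
]
SAMPLE_LOG_LINES = [json.dumps(r) for r in SAMPLE_RECORDS]

# Logon types that indicate one host reaching another over the network.
LATERAL_LOGON_TYPES = {3: "network (SMB)", 10: "remote interactive (RDP)"}


def snapshot_logs(lines, path):
    """Copy the raw log lines to `path` (ideally removable/offline media) and return
    the SHA-256 of the copy so it can be verified before anyone relies on it."""
    data = ("\n".join(lines) + "\n").encode("utf-8")
    with open(path, "wb") as fh:
        fh.write(data)
    return hashlib.sha256(data).hexdigest()


def verify_snapshot(path, expected_digest):
    """Re-read the saved copy and confirm it still matches the recorded digest."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest() == expected_digest


def parse_events(lines):
    """Keep only successful logons (4624) and convert timestamps for comparison."""
    events = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("event_id") != 4624:
            continue
        rec["time"] = datetime.fromisoformat(rec["time"])
        events.append(rec)
    return events


def find_lateral_movement(events, window=timedelta(minutes=30), min_hosts=2):
    """Flag (account, source_ip) pairs that reach `min_hosts` or more distinct hosts
    over SMB/RDP logons within `window`. Returns {account: details}."""
    by_pair = defaultdict(list)
    for ev in events:
        if ev["logon_type"] in LATERAL_LOGON_TYPES:
            by_pair[(ev["account"], ev["source_ip"])].append(ev)

    findings = {}
    for (account, source_ip), evs in by_pair.items():
        evs.sort(key=lambda e: e["time"])
        for i, start in enumerate(evs):  # sliding window anchored at each logon
            in_window = [e for e in evs[i:] if e["time"] - start["time"] <= window]
            hosts = {e["target_host"] for e in in_window}
            if len(hosts) >= min_hosts:
                findings[account] = {
                    "source_ip": source_ip,
                    "hosts": sorted(hosts),
                    "logon_types": sorted({LATERAL_LOGON_TYPES[e["logon_type"]]
                                           for e in in_window}),
                    "first_seen": start["time"].isoformat(),
                    "last_seen": in_window[-1]["time"].isoformat(),
                }
                break
    return findings


if __name__ == "__main__":
    snapshot = "security-events-snapshot.jsonl"  # hypothetical offline copy
    digest = snapshot_logs(SAMPLE_LOG_LINES, snapshot)
    print("snapshot sha256:", digest, "verified:", verify_snapshot(snapshot, digest))
    for account, details in find_lateral_movement(parse_events(SAMPLE_LOG_LINES)).items():
        print(f"possible lateral movement by {account}: {details}")
```

On the constructed data, only svc_backup is flagged: it logs on to three servers from 10.0.0.5 within nine minutes, mixing SMB and RDP, while alice's console logon and bob's single network logon are left alone. The window and host threshold are deliberately parameters, since what counts as suspicious for a backup service account differs from what counts for an ordinary user.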
About the Author: Sanjay Kaushik is Managing Director of Netrika Consulting India Pvt Ltd. Netrika is an Indian MNC and is empanelled with CERT-IN.