Ransomware attacks against Indian citizens and organisations increased by 51 per cent in the first half of 2022, as compared to the same time period last year, the Indian Computer Emergency Response Team (CERT-In) noted.
The observation was made by the agency in a new report released on Tuesday, which mapped ransomware trends and incidents. CERT-In is the nodal agency for all cyber incidents in the country and coordinates with cyber cells in every state for effective cyber threat intelligence and mitigation.
Ransomware is malware that is specifically programmed to encrypt the data on a compromised machine, so that it cannot be opened without the decryption key, and then hold that data to ransom.
The catch is that, particularly in the case of organisations, there is no guarantee that the data will not be sold to a third party or simply dumped on the internet even after the ransom is paid.
According to the report, the information technology (IT) sector was the hardest hit by ransomware attacks in the first half of this year, followed by the manufacturing and finance sectors. The first six months of 2022 also witnessed ransomware attacks against critical infrastructure industries like transport, power and oil & gas.
“Threat actors are continuing to modernise their attack tool kits with high-impact strategies. The Ransomware as a Service (RaaS) ecosystem is evolving with sophisticated double and triple extortion tactics and a wide range of ransomware campaigns through affiliates. This is leading to a higher probability of monetisation and a further rise in attack campaigns. The post-COVID accelerated digitisation and hybrid work culture are also aiding this threat's emergence,” CERT-In observed in its report.
RaaS, as the name suggests, is a practice among the malicious hacker community wherein ransomware created by one hacker is leased out to other hackers for a price.
This is done by creating unique codes that the customers can use to operate the ransomware on a one-time basis and within an expiry period. The report also noted that hackers continue to rely on known vulnerabilities in systems, phishing campaigns and compromised log-in credentials to gain initial access to systems.
In a work culture where hundreds of employees are connected to the company server through their computers and cell phones, all it takes is one careless click by one employee for the threat actors to gain access.
Another trend observed by CERT-In was that ransomware gangs are 'living off the land', meaning that the hackers exploit or abuse tools that already exist in the target system instead of creating custom tools to gain entry.
The advantage of a living-off-the-land attack is that no foreign or unknown code is inserted into the system, making it less likely to raise an alarm.