Increasing ransomware attacks 

(MainsGS3: Awareness in the fields of IT, Space, Computers, robotics, Nano-technology, bio-technology and issues relating to intellectual property rights.)

Context:

  • Recently, e-services at the All-India Institute of Medical Sciences (AIIMS) were crippled by a suspected ransomware attack. 
  • The Delhi Police’s Intelligence Fusion & Strategic Operations have registered a case and launched investigations to identify the perpetrators, while cyber security experts are employing software tools for data recovery. 

About ransomware:

  • Ransomware is a type of malicious software, used by cyber criminals, to infect a computer system by blocking access to the stored data by encrypting the files.
  • A ransom is then demanded from the owner in exchange for the decryption key.
  • While it is not yet clear how exactly the AIIMS computer systems were targeted, such malware is usually delivered remotely, by tricking the user into downloading it upon clicking an ostensibly safe web link sent via email, or by other means, including hacking.

Seriousness of attack:

  • In India, several cases of ransomware attacks targeting commercial and critical infrastructure have been reported in the recent past.
  • Preliminary findings by cyber experts have indicated that at least five of the AIIMS’ servers that hosted data related to more than three crore patients were compromised. 
  • Cybersecurity firm Trellix, in its third-quarter global report, has identified 25 major ransomwares in circulation. 
  • According to the Interpol’s first-ever Global Crime Trend report presented at its 90th General Assembly meeting in Delhi this October, ransomware was the second highest-ranking threat after money laundering, at 66%. It is also expected to increase the most (72%).

Agencies to deal with cyber-attacks:

  • The Indian Computer Emergency Response Team (CERT-In), set up in 2004, is the national nodal agency that collects, analyses and circulates inputs on cyber-attacks; issues guidelines and advisories for preventive measures; forecasts and issues alerts; and takes measures to handle any significant cyber security event. 
  • The National Cyber Security Coordinator, under the National Security Council Secretariat, coordinates with different agencies at the national level on cybersecurity issues, while the National Critical Information Infrastructure Protection Centre has been set up for the protection of national critical information infrastructure. 
  • According to the government, the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) has been launched for detection of malicious software programmes and to provide free tools to remove the same, while the National Cyber Coordination Centre works on creating awareness about existing and potential threats.

Recommended best practices:

  • The Indian Computer Emergency Response Team (CERT-In) recommends maintaining regular offline data backups, which need to be encrypted and immutable and should cover the organisation's entire data infrastructure.
  • Regularly check the integrity of data and code/scripts. All accounts should have strong and unique passwords, with an account lockout policy and multi-factor authentication for all services to the extent possible.
  • Organizations need to keep the administrative network separate from business processes, using physical controls and Virtual Local Area Networks, with no unnecessary access to administrative shares; a host-based firewall should be installed to allow connections to such shares via Server Message Block only from a limited set of administrator machines.
  • Further, disable remote desktop connections; where remote desktop is used, use least-privileged accounts and ensure proper Remote Desktop Protocol logging and configuration. Anti-virus software should be kept updated; users must not open attachments or URL links (even ostensibly benign) in unsolicited e-mails, and should use secure web browsers, etc.