Troubled times for India Inc as ransomware attacks become more frequent

Industry experts point to a spike in the use of Ransomware as a Service (RaaS), a SaaS-based attack vector. Criminals can buy it on the dark web and needn't know how to code it in order to use it

There were reports on May 25, of a ransomware attack on budget carrier SpiceJet that had affected the company's IT systems, leading to a delay in the audit process and the release of quarterly earnings.

SpiceJet is just one of several companies in India to have been affected by ransomware. According to a report by the PCI Security Standards Council (PCI SSC), ransomware attacks cost the world about $20 billion in 2021 and affected 37 per cent of all businesses and organisations. The data shows that a staggering 76 per cent of Indian companies were affected by ransomware attacks at least once, while 49 per cent of them suffered multiple attacks. State-run Oil India too had faced a similar ransom demand of $75,000,000 in recent times.

Ransomware is a type of malware that typically prevents users from accessing and using their files, applications or systems until a ransom is paid. According to industry experts, there has been a spike in the use of Ransomware as a Service (RaaS), which is a software-as-a-service attack vector. Criminals can purchase ransomware software on the dark web and needn't know how to code it in order to use it.

Verizon Business 2022 Data Breach Investigations Report (DBIR) considers ransomware as the most significant threat organisations face today. Ransomware attacks have been showing an upward trend, with a near 13 per cent increase in the last one year, which is as large as the combined spike of the past five years. The rise in crypto currency usage also led to the current spike, say industry reports.

“It is important to note that ransomware by itself is just a model of monetising an organisation's access. Blocking the four key paths--credentials, phishing, exploiting vulnerabilities and botnets--helps secure the most common routes ransomware uses to invade a network,” says Anshuman Sharma, Head Investigative Response at Verizon, said in response to a Business Standard query.

Rahul Sasi, Founder and Chairman, cyber security firm CloudSEK, has similar views. He says that at corporate houses, the practice of employees trying to download pirated software is a major concern nowadays. A report by another cyber security firm Sophos indicates that India is the country fourth-most affected by ransomware attacks, with Austria, Australia and Malaysia taking the top three slots. It added that 78 per cent of Indian organisations were hit by ransomware in 2021.

What is even more alarming is the fact that reports said that Indian organisations paid an average ransom of $1.2 million to get their data encrypted. Based on one of the datas, Indian organisations spent an average amount of $2.81 million to rectify ransomware attacks.

“The DBIR further highlights that 40 per cent of ransomware incidents involved the use of a desktop sharing software and 35 per cent involved the use of emails. There are also a variety of tools the threat actor can use once they are inside the company’s network, however, locking down the external-facing infrastructure, especially Remote Desktop Protocol (RDP) and emails, can go a long way toward protecting the organization against ransomwares,”  Sharma said.