SpiceJet on Wednesday said it has thwarted a ransomware attack attempt. The attempt hobbled the airline’s systems and delayed multiple flights by several hours. While the fallout, at worst, frayed passenger tempers and tangled logistics, the incident has shifted the spotlight to the menace of ransomware attacks, which gained prominence in 2017.
In fact, all available data suggests that ransomware is here to stay. So, best prepare yourselves.
A recent report by anti-malware software maker Malwarebytes stated that there were 280 cases of attacks by known types of ransomware just in April 2022. Of these, India accounted for 5 attacks, or 2 percent.
As per a report by US wireless carrier Verizon, there was a 13 percent increase in ransomware attacks globally, including in India, in 2021.
The “2022 Data Breach Investigations Report (DBIR)” said last year accounted for more ransomware attacks than the previous four years combined. For the purpose of the report, Verizon studied 5,212 breaches and 23,896 cybersecurity incidents reported by 87 organisations.
What is ransomware?
A ransomware attack, as the name suggests, is an attempt by hackers to hold a system hostage. The attacker will deny the target — typically a large organisation — access to the system until a ransom is paid. This is achieved by either gaining unauthorised access to a system remotely, or tricking the target into downloading a legitimate-looking file or clicking on a link sent by email, which then encrypts the user’s files and locks them.
More sophisticated ransomware attacks — like WannaCry — are capable of transmitting between computers without user intervention.
According to the report, there are four key paths a hacker could take to hold a company to ransom — duplicating credentials, phishing, exploiting vulnerabilities, and deploying botnets. Duplicating credentials was the most widely used method to execute a ransomware attack in 2021, with an over 40 percent share.
System intrusion attacks in 2021
A system intrusion attack — of which ransomware is a subset — comprises techniques that leverage a combination of social engineering, malware deployment, and hacking.
System intrusion attacks increased dramatically in 2021. North America accounted for the highest number of such attacks in 2021, with more than 900. The previous year, this region accounted for close to 500 breaches. The Asia Pacific region, including India, reported 30 breaches in 2020 and 54 in 2021.
Verizon found that in 98 percent of the cases, the culprit was an external actor, with financial gains being the motive in 93 percent of the cases. Industrial espionage, at 6 percent, too was a factor. In 42 percent of the cases, credentials were stolen, while personal data was stolen in 37 percent of the attacks.
Prominent ransomware attacks
Ransomware attackers are very tricky to track down as most of them demand ransom in modes of payment that are untraceable, such as cryptocurrency. The WannaCry attack, which lasted four days from May 12-15, 2017, is estimated to have affected more than 2 lakh computers across 150 countries, resulting in losses of billions of dollars in business.
India was the third worst-affected nation, with cybersecurity firm Quick Heal Technologies stating in a report that around 48,000 computers were targeted in the attack, with most incidents in West Bengal.
In August 2018, a variant of WannaCry infected 10,000 computers operated by semiconductor giant TSMC, forcing the company to shut several of its chip-fabrication factories temporarily.
North Korea was accused of initiating the WannaCry attacks, with the US Department of Justice formally charging a hacker named Park Jin-hyok in 2019.
How to block a ransomware attack
Unlike other forms of cyber attacks, ransomware is relatively straightforward in that the perpetrator is typically only interested in monetisation — holding the organisation hostage — and so, may not necessarily be interested in stealing information. For this, they only need to encrypt the data and make it inaccessible to the targeted individual or organisation.
The Verizon report suggests that vigilance should be enough to counter the threat in most cases — 40 percent of ransomware incidents involved the use of desktop sharing software, and 35 percent involved email attachments/links.
“If attackers have credentialed remote access, they can leverage that directly. Otherwise they must make their own remote access by emailing either malicious links or attachments,” the report states.
“Locking down your external-facing infrastructure, especially RDP (remote desktops) and emails, can go a long way toward protecting your organisation against ransomware,” the report adds.
Malwarebytes issued an advisory on the best ways to mitigate ransomware attacks, such as:
Risk Recon, a third-party cyber risk management company set up by Mastercard, said the best protection is to create awareness, whether at an individual level or an organisational level.
“About 42 percent of ransomware attacks start with phishing. Ensure that (companies) are educating their personnel regarding the risk of phishing attacks and how to avoid becoming a victim,” Risk Recon said in a report titled “Managing the Risk of Ransomware in the Supply Chain”, prepared after studying 633 cases of disclosed ransomware attacks from 2017 to 2021.