Ransomware attacks on Indian IT firms
Context:
- Recently, IT services provider HCL Technologies disclosed in its quarterly report that it was hit by a ransomware incident within its restricted cloud environment.
- However, the company stated there was no “observable” impact on the overall HCL Tech network after the attack.
- HCL Tech is an Indian information technology company which provides solutions in the digital realm, including end-to-end digital offerings, cloud-based solutions, and software.
What is Ransomware?
- Ransomware is generally extortion software designed to lock or encrypt a device or the data on a system.
- After locking or encrypting it, the attackers demand a ransom for its release.
- In most cases the attacks follow a simple routine in which attackers gain access to a device or to protected data in the cloud.
- Depending on its nature, the ransomware will lock or encrypt devices, data stored in the cloud, or the entire internal network of an organisation.
- Attackers generally leave a message behind with instructions on the ransom amount to be paid, mode of transfer, or instructions on how to contact them for further guidance.
Why are ransomware attacks a matter of concern?
- Ransomware attacks on Indian organisations are increasing.
- According to a 2023 study by Sophos, a cybersecurity company, nearly 73% of organisations reported being victims of ransomware attacks, up from 57% the previous year.
- According to the Indian ransomware report released by India’s Computer Emergency Response Team (CERT-In), ransomware incidents reported in H1 2022 increased by about 51%.
- The majority of these attacks targeted the data centre, IT, and ITeS sectors in the country.
Which other Indian organisations faced ransomware attacks?
- A month back, a U.S.-based subsidiary of Infosys was reportedly targeted by a ransomware attack.
- In March, Indian drug manufacturer Sun Pharma was also targeted by a cyberattack.
- In November 2022, a major ransomware attack crippled the All India Institute of Medical Sciences (AIIMS) for a number of days.
- Hackers reportedly demanded about ₹200 crore in cryptocurrency from the hospital.
Why do IT organisations become the target?
- Threat actors generally tend to focus their attacks on organisations which hold valuable data.
- It is assumed that the more value the data has to the organisation and its stakeholders, the higher the chances that the ransom will be paid to the threat actors.
- It is believed that IT organisations and software vendors hold a lot of valuable data, including sensitive information such as intellectual property.
- If threat actors leak this data, it could reduce its value and allow the software to be replicated, devaluing the company and threatening its revenue streams, making them more vulnerable.
- Apart from that, IT organisations providing cloud security and data solutions may also hold large repositories of data for their clients.
Steps to prevent Ransomware Attacks:
- Avoid opening unverified emails or clicking links from unknown sources.
- Back up important files using the 3-2-1 rule: create three backup copies on two different media, with one backup in a different location.
- Update software, programs, and applications regularly to protect them from the latest vulnerabilities.
- Enforce the principle of least privilege, which prevents users from running certain programs that may be used by ransomware variants.
- Limit access to shared or network drives and turn off file sharing. This helps minimise the risk of a ransomware infection spreading to other devices.
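The 3-2-1 rule above can be checked mechanically against a backup inventory. The Python example below is an added illustration, not part of the original article; the dataset names, sites and inventory records are constructed, and "a different location" is assumed to mean a site other than the one holding the live data.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    dataset: str   # what is being protected
    medium: str    # storage type, e.g. "disk", "tape", "object-storage"
    location: str  # site where this copy is kept


def audit_321(primary_sites, copies):
    """Return {dataset: [findings]}; an empty list means 3-2-1 is met."""
    # primary_sites lists every dataset that must be protected and the site
    # holding its live data, so a dataset with no backups is still reported.
    by_dataset = defaultdict(list)
    for copy in copies:
        by_dataset[copy.dataset].append(copy)
    report = {}
    for dataset, site in sorted(primary_sites.items()):
        items = by_dataset.get(dataset, [])
        media = {c.medium.lower() for c in items}
        offsite = [c for c in items if c.location.lower() != site.lower()]
        findings = []
        if len(items) < 3:
            findings.append(f"{len(items)} backup copies, need 3")
        if len(media) < 2:
            findings.append(f"{len(media)} media types, need 2")
        if not offsite:
            findings.append(f"no copy outside {site}")
        report[dataset] = findings
    return report


# Constructed sample data: dataset names and sites are hypothetical.
PRIMARY_SITES = {"finance": "dc-chennai", "hr-db": "dc-mumbai",
                 "mail": "dc-pune", "source-repo": "dc-pune"}
INVENTORY = [
    BackupCopy("hr-db", "disk", "dc-mumbai"),   # first disk array
    BackupCopy("hr-db", "disk", "dc-mumbai"),   # second disk array
    BackupCopy("hr-db", "tape", "dc-mumbai"),
    BackupCopy("source-repo", "disk", "dc-pune"),
    BackupCopy("source-repo", "tape", "dc-pune"),
    BackupCopy("source-repo", "object-storage", "cloud-region-a"),
    BackupCopy("mail", "disk", "dc-pune"),
]

if __name__ == "__main__":
    for dataset, findings in audit_321(PRIMARY_SITES, INVENTORY).items():
        print(dataset, "OK" if not findings else "; ".join(findings))
```

In the sample, hr-db has three copies on two media but all in the same data centre as the live system, so a single incident at that site could reach both the data and every backup.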
 
								