Ransomware is a malware that employs encryption to hold a victim’s information at ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access.
Cybercriminal gang use ransomware to lock files from being used assuming that those files have extremely crucial information stored in them and the users are compelled to pay the ransom in order to regain access.
Recently, there was a massive hit when one of the largest ransomware attacks in history spread worldwide. This has forced the Swedish Coop grocery store chain to close all 800 of its stores because it could not operate its cash registers.
The ransomware gang is called Revil and is suspected of hijacking Kaseya`s desktop management tool VSA and pushing a malicious update that infect tech management providers serving thousands of businesses. The shutdown of the major food retailer followed Friday`s unusually sophisticated attack on U.S. tech provider Kaseya.
By targeting Kaseya’s VSA, the hackers were able to open the door to infect more computers in what is known as a supply-chain attack. About 50 of Kaseya’s immediate customers were compromised and about 40 of those customers were sellers of information-technology services, which potentially let the hackers reach more victims.
It has been anticipated that thousands of small companies might have been. Moreover, Huntress Labs, one of the first to sound the alarm of the wave of infections at the providers` clients. The businesses were impacted in a huge way as files were encrypted and were left electronic messages asking for ransom payments of thousands or millions of dollars.
According to some experts the timing of attack was in such a way that it started before a long U.S. holiday weekend so that people are off their jobs on weekend. It has been observed that a wide array of businesses and public agencies were hit by the latest attack, apparently on all continents, including in financial services, travel and leisure and the public sector.
Cybersecurity teams have worked to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit. The Revil ransomware has demanded a ransom of about 520 crores. More than a ‘million’ systems are reportedly affected by this supply chain ransomware attack, claimed the gang. Kaseya VSA has admitted that almost 60 percent of its clients are affected by the attack.
Indian Perspective
According to a new analysis from Check Point Research, ransomware attacks have increased by 102% all around the world in 2021 compared to 2020. In addition, India is one of the most affected countries, with around 213 ransomware attacks per organization weekly which is up by 17% from the start of the year.
The primary reason for the increase in cyber-attacks was a lack of work from home security measures. Furthermore, numerous ransomware families have recently developed sophisticated tactics for stealing sensitive data. This attack restricts the organization’s confidential, financial or sensitive information by gaining illegal access to an organization’s network. Cyber hackers demand a ransom in exchange for access to files or systems that have been banned.
Indian computer systems have largely escaped a global ransomware attack as the government and companies installed security patches to gain an upper hand against the first wave of an unrivalled global cyber-attack.
A global cyberattack unleashed that more than 200,000 computers across more than 150 countries were affected by the “ransomware,” called “WannaCry,” Microsoft recently published a data mentioning how many machines (users) were affected by ransomware attacks across the world. It was found that the United States was on the top of ransomware attacks; followed by Italy and Canada.
The best way to protect the computer is to create regular backups of files. The malware only affects files that exist in the computer. If the machine is infected by ransomware, reset the machine using backup and reinstall the software and restore all the files from the backup. According to Microsoft’s Malware Protection Centre, other precautions include regularly updating your anti-virus program; enabling pop-up blockers; updating all software periodically; ensure the smart screen (in Internet Explorer) is turned on, which helps identify reported phishing and malware websites; avoid opening attachments that may appear suspicious. As the popular saying “Prevention is better than Cure”.
Anti-ransomware solutions monitor programmes running on a computer for suspicious behaviours commonly exhibited by ransomware, and if these behaviours are detected, the programme can take action to stop encryption before further damage can be done.
As ransomware continues to become more and more widespread, companies will need to revise their annual cybersecurity goals and focus on the appropriate implementation of ransomware resilience and recovery plans and commit adequate funds for cybersecurity resources in their IT budgets.
If preventative steps are not taken, security ignorance can cost a company more than its income. In the current situation, attackers have increased their ability to launch new sophisticated ransomware operations. As a result, it is preferable to begin implementing cybersecurity policies as soon as possible, rather than waiting until it is too late.
