Discover the Latest in Intralogistics & Packaging Automation – December Issue Out Now!  Click Here to Read.

Discover the Latest in Intralogistics & Packaging Automation – December Issue Out Now!  Click Here to Read.

default-banner

Ransomware Extortion Attacks and Ways to Deal with Them

Ransomware attacks surged by 24% in India in the first half of 2024, with 156,917 incidents reported, targeting sectors like healthcare, manufacturing, and government. Dr. Shekhar Pawar emphasizes the importance of cybersecurity measures and compliance with the DPDP Act to mitigate penalties and safeguard sensitive data.

[object Object]

Ransomware attacks increased by 24% in India in the first half of 2024 — Organisations Ignorance may face penalties of the DPDP Act, says Dr Shekhar Pawar.

Kaspersky’s data reveals that sectors like healthcare, financial services, manufacturing, and government agencies are the primary targets of Ransomware Attacks.

According to Kaspersky's most recent cybersecurity report, ransomware attacks have significantly increased in India, with 156,917 incidents recorded in the first half of 2024. This indicates the growing threat to businesses and companies nationwide, as it represents a 24% increase over the same period in 2023.

Ransomware Extortion Methodologies

With time, ransomware gangs have developed more methodologies to perform different levels of extortion.

1. Single Extortion (Data Encryption):  The attacker encrypts the victim's data and demands a ransom for the decryption key.

2. Double Extortion (Data Exfiltration): In addition to data encryption, before encryption the attacker also steals sensitive data and threatens to release it publicly if the ransom is not paid.

3. Tripple Extortion (Additional Threats): The third layer of extortion can vary but often includes threats such as:

(i) Distributed Denial of Service (DDoS) Attacks: The attacker threatens to launch or continue a DDoS attack, which can disrupt the victim's online services.

(ii) Targeting Third Parties: Attackers may also target the victim's clients, partners, or other stakeholders, demanding ransoms from them as well.

(iii) Other Creative Tactics: This can include anything from hijacking company printers to continuously print ransom notes, to making threatening phone calls.

Since the victim organisation's data, reputation, operational capabilities, and relationships with third parties are all impacted, these multi-layered tactics greatly increase the pressure on them to pay the ransom.

Which industries are the main targets?

According to Kaspersky's data, the main targets are industries like government organisations, manufacturing, financial services, and healthcare. Attacks on India's biggest health insurer, a significant cable and electrical manufacturer, and a technology service provider for rural banks are among the well-known examples. Because of their critical nature and dependence on sensitive data, these industries have become prime targets.

Why are ransomware attacks increasing in India?

Rapid digital technology adoption without commensurate investments in cybersecurity infrastructure is blamed for the increase in attacks. These attacks are mostly carried out by well-known ransomware groups, including LockBit, Conti, Hive, BianLian, and BlackCat. Data theft, extortion, and service interruptions are some of their strategies; they frequently demand hefty ransoms in order to unlock encrypted systems.

Ignorance towards investment in cybersecurity controls by top management of organisations is one of the key factors helping cybercriminals launch such ransomware attacks. 

Ignorance causing Ransomware and the DPDP Act 

Dr Shekhar Pawar
Dr Shekhar Pawar

The Digital Personal Data Protection (DPDP) Act, 2023, is a significant piece of legislation in India aimed at protecting personal data and ensuring privacy. Fifteen months after the DPDP Act was published, rules are to be out by the end of November 2024. 

Here's how it relates to ransomware attacks:

The DPDP Act focuses on below key areas:

1. Data Protection: Establishing guidelines for the collection, storage, and processing of personal data.

2. Consent: Ensuring that individuals give explicit consent for their data to be used.

3. Rights of Data Principals: Providing individuals with rights over their data, such as the right to access, correct, and erase their data.

4. Data Security: Mandating organisations to implement security measures to protect personal data from breaches and unauthorised access.

Ransomware attacks pose a significant threat to data security, which is a core concern of the DPDP Act. Here's how the Act can help mitigate the impact of such attacks:

1. Accountability: The Act holds organisations accountable for protecting personal data. In the event of a ransomware attack, organisations may face penalties if they are found to have inadequate security measures.

2. Data Security Measures: The DPDP Act requires organisations to implement robust security measures to protect personal data. This includes encryption, access controls, and regular security audits, which can help prevent ransomware attacks.

3. Incident Response: Organisations must have procedures in place to respond to data breaches, including ransomware attacks. This involves notifying affected individuals and authorities, which is crucial for transparency and mitigation.

4. Data Minimisation: By encouraging organisations to collect only the necessary amount of personal data, the DPDP Act reduces the potential impact of a ransomware attack. Less data means less risk.

5. Rights of Individuals: The Act empowers individuals to take control of their data. In the event of a ransomware attack, individuals have the right to know if their data has been compromised and to seek redress.

Financial Penalties in DPDP Act

The Digital Personal Data Protection (DPDP) Act, 2023, outlines several penalties for non-compliance to ensure that organisations take data protection seriously. Here are few key penalties under the Act:

1. Failure to Implement Security Safeguards: Organisations that fail to implement adequate security measures to protect personal data can face fines up to ₹250 crore.

2. Data Breach Notification: If an organisation fails to notify the Data Protection Board and affected individuals about a data breach, it can be fined up to ₹200 crore.

3. Non-Compliance with Data Principal Rights: Organisations that do not comply with the rights of data principals (such as the right to access, correct, or erase data) can be fined up to Rs 150 crore.

4. Failure to Obtain Consent: Collecting or processing personal data without obtaining proper consent from the data principal can result in fines up to ₹100 crore.

5. Non-Compliance with Orders of the Data Protection Board: If an organisation does not comply with the orders issued by the Data Protection Board, it can face fines up to ₹50 crore.

Beyond financial penalties, non-compliance can lead to significant reputational damage, loss of customer trust, and potential legal actions from affected individuals. Organisations may face operational disruptions as they work to address compliance issues and implement necessary changes to their data protection practices.

How to prevent Ransomware attack?

Ransomware attacks can be incredibly disruptive, but there are several steps organisations can take to help prevent those. Here are some key strategies:

1. Regular Backups: It is important to note that, only backup will not help in today's ransomware attacks which are based on double extortion. Cybercriminals will take backup of data before encrypting it on the organisation's endpoints. Still, ensure the organisation has regular backups of the organisation's important data. Store these backups offline or in a secure cloud service to prevent them from being compromised.

2. Update and Patch Systems: Nowadays, software and firmware are having periodic patches for their users. Keep organisation's operating systems, software, and applications up to date with the latest security patches. This helps close vulnerabilities that ransomware can exploit.

3. Use Endpoint Protection Software: Install and maintain reputable antivirus and anti-malware software. These tools can detect and block ransomware before it can cause damage.

4. Email Security: Be cautious with email attachments and links. Phishing emails are a common method for delivering ransomware. Verify the sender and avoid opening suspicious emails.

5. User Training: A human being is the weakest link to perform any cybercrime. Educate employees and users about the risks of ransomware and safe practices, such as not downloading software from untrusted sources and recognising phishing attempts.

6. Network Segmentation: Divide organisation's network into segments to limit the spread of ransomware if it does infiltrate organisation's system. This can help contain the damage.

7. Access Controls: Implement strict access controls and permissions. Ensure that users only have access to the data and systems necessary for their roles.

8. Multi-Factor Authentication (MFA): Use MFA to add an extra layer of security to organisation's accounts. This makes it harder for attackers to gain access even if they obtain login credentials.

9. Incident Response Plan: Have a clear incident response plan in place. This should include steps for isolating infected systems, notifying stakeholders, and recovering data from backups.

10. Regular Audits and Monitoring: Conduct regular security audits and monitor organisation's systems for unusual activity. Early detection can help mitigate the impact of a ransomware attack.

11. Adopt Cybersecurity Standards and Compliance Needs: Organisations must adopt cybersecurity frameworks like BDSLCCI framework for MSME, ISO 27001, PCI DSS, etc. It helps to build a robust cybersecurity posture. By aligning with the Digital Personal Data Protection Act 2023, organisations can enhance their data protection strategies and reduce the risk and impact of ransomware attacks.

Implementing these measures can significantly reduce the risk of a ransomware attack and help protect organisation's data and systems. 

Dr Shekhar Pawar is a DBA in the cybersecurity domain at SSBM, Switzerland. He has completed his executive management degree from SJMSOM, IIT Bombay, and engineering in electronics and telecommunications from Mumbai University. Some of his skills and certifications include Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), ISO 27001 – Lead Auditor, PCI DSS Implementer; Certified HIPAA Compliance Professional, Sarbanes Oxley (SOX) Certified Professional; Diploma in Cyber Laws, Microsoft Certified Professional (MCP), Certified Blockchain Developer, Certified ATM for CMMi Assessment, DSP & Applications – IIT Madras, and Diploma in Industrial Electronics. He is also the author of the nonfiction book ‘Air Team Theory: Understanding 10 Types of Teammates and Best Practices to Succeed’. Currently he is working as Founder and CEO of SecureClaw Inc., USA, and GrassDew IT Solutions Pvt Ltd, Mumbai.  

______________________________________________________________________________________________

For a deeper dive into the dynamic world of Industrial Automation and Robotic Process Automation (RPA), explore our comprehensive collection of articles and news covering cutting-edge technologies, roboticsPLC programmingSCADA systems, and the latest advancements in the Industrial Automation realm. Uncover valuable insights and stay abreast of industry trends by delving into the rest of our articles on Industrial Automation and RPA at www.industrialautomationindia.in