It’s important to note that the landscape of cyber threats is constantly evolving. India saw a 53% rise in ransomware attacks in 2022 (year-over-year). IT and ITeS was the most affected sector, followed by finance and manufacturing, says India’s national cyber agency CERT-In in its report.
Ransomware players targeted critical infrastructure organizations and disrupted necessary services to pressure and extract ransom payments in 2022, according to the “India Ransomware Report 2022”. They typically demand a ransom payment for unlocking encrypted data or restoring system access.
“Variant wise, Lockbit was a majorly seen variant in the Indian context followed by Makop and DJVU/Stop ransomware. Many new variants were observed in 2022 such as Vice society, BlueSky etc,” said CERT-In.
Last year, a massive ransomware attack disrupted the All India Institute of Medical Sciences (AIIMS) systems, crippling its centralized records and other hospital services.
According to the CERT-In report, at the large enterprise level the Lockbit, Hive, ALPHV/BlackCat and Black Basta variants became major threats, whereas Conti, which was very active in 2021, became extinct in the first half of 2022.
“Makop and Phobos ransomware families mainly targeted medium and small organisations. At individual level, Djvu/Stop variants continued dominance in attacks over the past few years,” the report said.
Most ransomware groups exploit known vulnerabilities for which patches are available.
Vulnerabilities in products from vendors such as Microsoft, Citrix, Fortinet, SonicWall, Sophos, Zoho and Palo Alto were exploited, the report said.
“Ransomware gangs are commonly using Microsoft Sysinternals utilities such as PsExec for lateral movements,” it added.
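As an added example (not from the CERT-In report or this article), the following Python shows how a defender might flag the PsExec pattern just described in exported Windows event records: PsExec installs a service named PSEXESVC on the target and copies PSEXESVC.exe into its ADMIN$ share, which surfaces as a System 7045 event and, with file-share auditing enabled, a Security 5145 event. The event records, host names and IP addresses below are constructed.

```python
import re
from collections import defaultdict

# Constructed sample event records (not real logs): a minimal projection of
# Windows System 7045 (service installed) and Security 5145 (network share
# object checked) events, as they would be exported from a SIEM.
SAMPLE_EVENTS = [
    {"event_id": 7045, "host": "srv-fin-01", "service_name": "PSEXESVC",
     "image_path": r"%SystemRoot%\PSEXESVC.exe"},
    {"event_id": 5145, "host": "srv-fin-01", "share": r"\\*\ADMIN$",
     "target": "PSEXESVC.exe", "source_ip": "10.0.5.23"},
    {"event_id": 7045, "host": "srv-hr-02", "service_name": "WinDefend",
     "image_path": r"%ProgramFiles%\Windows Defender\MsMpEng.exe"},
    {"event_id": 5145, "host": "srv-hr-02", "share": r"\\*\ADMIN$",
     "target": "PSEXESVC.exe", "source_ip": "10.0.5.23"},
    {"event_id": 5145, "host": "srv-hr-02", "share": r"\\*\IPC$",
     "target": "srvsvc", "source_ip": "10.0.1.7"},
]

# PSEXESVC is the default service/file name; an operator can rename it, so the
# share-based rule below matches any executable dropped through ADMIN$, not
# only the default name, and the 7045 rule is the narrow high-confidence check.
PSEXEC_SERVICE = re.compile(r"^PSEXESVC$", re.I)
ADMIN_SHARE_EXE = re.compile(r"\.exe$", re.I)

def psexec_service_installs(events):
    """Hosts where a 7045 event shows the default PsExec service name."""
    return [(e["host"], e["service_name"]) for e in events
            if e["event_id"] == 7045 and PSEXEC_SERVICE.match(e["service_name"])]

def admin_share_exe_drops(events):
    """(source_ip, host, file) for executables written via ADMIN$ (5145)."""
    return [(e["source_ip"], e["host"], e["target"]) for e in events
            if e["event_id"] == 5145 and e["share"].upper().endswith(r"\ADMIN$")
            and ADMIN_SHARE_EXE.search(e["target"])]

def lateral_movement_sources(events, min_hosts=2):
    """Source IPs that dropped executables on at least min_hosts distinct hosts,
    i.e. one machine fanning out across the network, the PsExec pivot pattern."""
    hosts_by_source = defaultdict(set)
    for src, host, _ in admin_share_exe_drops(events):
        hosts_by_source[src].add(host)
    return {src: sorted(h) for src, h in hosts_by_source.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    print(psexec_service_installs(SAMPLE_EVENTS))
    print(lateral_movement_sources(SAMPLE_EVENTS))
```

Event 5145 is only written when "Audit Detailed File Share" is enabled, so the share-based rule needs that policy in place; legitimate administrative tooling that also uses ADMIN$ will need to be allow-listed by source host.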
On average, the restoration time is ten days for infections in reasonably large infrastructure networks.
“For smaller networks/infrastructure, the restoration time is around 3 days and for individual systems it is 1 day,” the CERT-In report noted.
Ransomware gangs are innovating to make their attack operations more efficient.
“Ransomware builders are focusing on speed and performance. Instead of encrypting the entire file, a portion of the file is getting targeted for encryption to save time. Multithreading is getting leveraged for faster encryption and decryption of files,” the report mentioned.