The worrying increase in ransomware attacks in India has prompted cyber security professionals to develop effective preventive measures to safeguard the nation's critical and online infrastructure. The first half of this year saw a 51% spike in ransomware incidents compared to last year, according to the Indian Computer Emergency Response Team (CERT-In) of the Ministry of Electronics and Information Technology, which is symptomatic of the nation's cyber threat landscape. To prevent online users from becoming victims of ransomware gangs and having to negotiate and pay a ransom for the decryption key to recover access to the files on their systems and networks, it is essential to raise awareness of the response mechanism created by CERT-In.

The majority of attacks were reported in the data centers/IT/ITeS sector, followed by the manufacturing and financial sectors, according to the India Ransomware Report, H1-2022, published by CERT-In last week. The report adds that ransomware gangs have targeted essential infrastructure such as oil and gas, transportation, and power. Oil India Limited (OIL), a public sector oil company, experienced a serious ransomware attack at its headquarters in Duliajan in April. The attackers demanded a ransom of more than Rs 57 crore through a note left on an infected computer, which raised awareness of the threat ransomware poses to the nation's critical infrastructure. OIL suffered a significant financial loss because the attack caused a network, server and client computer outage and disrupted the business's IT systems.

According to the CERT-In report, a common tactic in citizen-centric ransomware cases is the "drive-by download": the unintentional download of malicious code onto a user's computer or mobile device through opening an email attachment, clicking a link, or opening a pop-up window, which exposes the system to cyber threats.
The CERT-In report also outlines the measures to be taken in the event of a ransomware attack; wide visibility of these measures is essential to giving potential victims the confidence to refuse ransom demands. The alert advises that the first action in a suspected ransomware outbreak is to immediately unplug and isolate infected devices from the network, and if any systems or subnetworks appear to be affected, the network itself should also be taken offline. To receive early assistance and enable the relevant authorities to act quickly, the incident must be reported to CERT-In or other regulatory agencies right away, and a First Information Report should be filed with law enforcement officials. The next three steps are to identify the ransomware strain, determine the extent of the infection by looking for indications of unauthorized access and encryption, and then take remedial actions such as changing all potentially compromised account passwords. The report notes that threat actors continue to gain initial access to the infrastructure of both enterprises and individuals through well-known vulnerabilities, stolen credentials for remote access services, and phishing campaigns.
A set of FAQs on the cyber security guidelines was also released in April by CERT-In, the national nodal agency responsible for responding to computer security incidents in the nation. The FAQs are meant to ensure that India's approximately 80 crore internet users, a figure expected to reach 120 crore over the next few years, have access to an open, safe, trusted, and accountable internet. The purpose of the guidelines is to require service providers and organizations to follow cyber security best practices so that user data is protected and reliable services are provided to users. According to CERT-In, which explains the reasoning behind the directives, implementing the mandated measures will facilitate timely detection and mitigation of breaches and efficient investigation of cybercrimes. Because a cyber incident can affect one or many entities, all incidents must be tracked and investigated to determine how they are connected. The legal requirement to report cyber security incidents to CERT-In supersedes any confidentiality clause in a contract, and wilful non-compliance may result in penalties under the Information Technology Act, 2000. The FAQs address concerns about an individual's right to informational privacy and explain that this right is unaffected by the directions, because they do not call for CERT-In to request information from service providers regularly as part of a standing arrangement. Rather, to fulfil its statutory mandate of strengthening cyber security across the nation, CERT-In may request information from service providers on a case-by-case basis in the event of cyber security issues and cyber incidents. The directions are very revealing about the difficulties of developing the nation's cyber security infrastructure.
Awareness among internet users can enable voluntary reporting at a time when the prospect of rising ransomware assaults is real; any cyber-attack that goes undetected merely keeps the threat of dangerous ransomware attacks alive.