Ransomware attacks are becoming more common in today’s world. They become particularly notorious for the number of people currently using online systems. The coronavirus pandemic has forced companies and individuals to use online platforms. However, since most organizations are unfamiliar with cybersecurity, they are easy prey for attackers. The same is true for individuals who are now forced to communicate online, make transactions, and keep up with in-person interactions.
Although these attacks are global, India appears to be bearing the brunt of them. There have been several reports of India suffering from large-scale ransomware attacks as well as other data breaches. These affect companies and lead to losses on a large scale. Against this background, how can companies innovate in order to avoid ransomware attacks or to reduce their impact?
Ransomware and the Indian Experience
Ransomware is malware that holds users’ devices hostage. Here a hacker encrypts a target’s data. The hacker usually does not grant access to the owner of the data until they have paid a ransom. Attackers typically focus on the most important files an organization has. So when ransomware attacks occur, data owners have to pay to regain access to their important data.
Hackers have implemented various forms of ransomware over the years. The most common is the email spam campaign. Here the attacker uses a combination of phishing and ransomware attacks. In other cases, the attacks are more targeted. The hacker creates an attack vector that attaches to the target’s system. It won’t go away until the target pays the ransom.
There seems to be a thriving ransomware attack business around the world. For example, it is reported that there are more than 4000 ransomware attacks in the US every day. India also appears to be at the top of these troubling statistics. Sophos’ State of Ransomware Report for 2021 says India tops the list of 30 countries to be affected by ransomware attacks in 2021. Additionally, more than 68 percent of businesses in India have been affected by ransomware attacks in the past 12 months. 66 percent of that number eventually paid the ransom to regain access to their data.
The report found that cyber criminals’ methods have changed similarly. Attackers use “human hands-on keyboard hacking“. This is much more efficient and has more devastating consequences for businesses, making recovery difficult.
The most popular Indian ransomware attacks include the attacks on Telangana and AP Power Utilities. This affected Telangana and AP’s power systems and made them offline for a while. There was also the Mira botnet attack. No fewer than 2.5 computer systems were affected in India. The state-owned telecommunications company BSNL also suffered a ransomware attack. No fewer than 2,000 companies were affected.
The way forward
Given the overwhelming statistics above, there is no doubt that something needs to be done urgently. So how can companies evolve to address the current threats?
The first step will be to focus on and strengthen security within organizations. Most companies don’t take cybersecurity seriously. In most cases this is due to ignorance. Most companies are unaware of the tremendous threats their businesses face simply because they are online. Hence, they don’t treat it with the seriousness it deserves. Few companies have security and threat assessors. Organizations that will survive the current onslaught will only be those that take active steps such as appointing officials tasked with countering threats such as ransomware attacks.
Indian companies must also invest time in educating their employees about the spread of such attacks. Ignorant employees offer cyber criminals the opportunity to infiltrate and attack companies. It is therefore important that employers take the time to educate their employees about the various threats that exist and how to avoid them. Vigilant employees can identify threats and prevent them from spreading.
Organizations should also develop contingency plans in the event of an attack. Therefore, measures such as developing a backup system for all data should also be implemented. This has worked in several situations. Spain, for example, suffered several waves of attacks in 2020. However, most of the attacked organizations in the country were able to move on without a ransom. The secret was simple: they had backup systems.
Another very simple means of defending against attacks is to update systems and software. Software developers routinely update their software to fix issues, some of which could be security-related. Organizations that don’t update are doing themselves a disservice. It is also necessary that companies use anti-virus software as well. There are several that exist. They could help to identify attacks and also to prevent them.
Disclaimer: This is a company press release. No HT journalist is involved in the creation of this content.