RANSOMWARE

1. Context

2. Ransomware

• Ransomware is a kind of malware (software that damages functions or gains unauthorized access to a computer system).
• It is used to encrypt important documents or files within a system (Crypto ransomware) or simply lock the original user out of the system (Locker ransomware).
• The user is then asked for a ransom in return for decrypting the files. Once the ransom is paid within a stipulated period. then the system is either unlocked or the system's contents are deleted or the system is entirely corrupted.
• Unlike other cyber-attacks, in this form of attack, the user is notified of the attack.
• Ransomware spreads easily when it encounters unpatched or outdated software.

• The first ever recorded use of ransomware occurred as early as 1989 in the form of the AIDS Trojan.
• However, this method gained prominence only after the unleashing of the Wanna Cry Ransomware in 2017. This was a massive attack that affected more than 200,000 systems in some 150 countries and accounted for a loss of several million dollars.
• Since then, ransomware attacks have seen an upward trend in committing cybercrime.
• Many new, better, and customized ransomware are coming to the forefront. Those in the active stage include GandCrab and ZZZ.

4. Trends in Ransomware

• Initially, ransomware attacks followed a pattern akin to fire and forget, that is, it was used for small-scale extortion from individuals.
• Now, however, the pattern has shifted to more focused and targeted attacks for larger returns like targeting the san organization's server.
• The effect is to turn entire organizations into victims rather than individual users, and the pay-off for the extra effort involved in performing this kind of attack is often huge.

• Preliminary findings by cyber experts have indicated that at least five of the AIIMS servers that hosted data related to more than three crore patients were compromised.
• In India, several cases of ransomware attacks targeting commercial and critical infrastructure have been reported in the recent past.
• Spicejet faced such a threat in May, while Public Sector Undertaking Oil India was targeted on April 10.
• Cybersecurity firm Trellix, in its third-quarter global report, has identified 25 major ransomware in circulation. According to Interpol, first-ever Global Crime Trend Report presented at its 90th General Assembly meeting in Delhi this October, ransomware was the second-highest-ranking threat after money laundering, at 66%. It is also expected to increase the most (72%).

• The Indian Computer Emergency Response Team (CERT-In) is the national nodal agency that collects, analyses, and circulates inputs on cyber-attacks; issues guidelines, and advisories for preventive measures, forecasts, and issues alerts; and takes measures to handle any significant cyber security event.
• Indian National Security Council: To shape the ecosystem related to Cyber Policy.
• National Cyber Security Strategy: To focus on security in the early stages of design in all digitization initiatives.
• Indian Cyber Crime Coordination Centre (I4C): To handle several issues regarding cybercrimes in a comprehensive and coordinated manner.
• Cyber Swachhta Kendra: To create a secure cyberspace by detecting botnet infections in India.