Ransomware is advancing on all fronts in the cyber crime space, with daily attacks ranging from spam to exploits. Nilesh Jain, Country Manager – India & SAARC at Trend Micro, states that this isn’t just a regional problem, but a general global infection problem that will only grow. What’s alarming is the fact that while enterprises in India are spending more on cybersecurity each year, organizations are still not confident of their ability to sense, resist and respond to cyber threats.
Q. CIOs and CISOs across the globe and across sectors are facing a real wearing issue from ransomware attacks, with some organizations getting hit multiple times. From an Indian context, what according to you are some of the alarming factors that need immediate attention?
The country is still reeling under the recent hacks by a hacker group called Legion that claimed to have compromised databases belonging to banking institutions, government email servers and the database of a leading hospital. If recent reports are to be believed, there is more in store. India’s share in ransomware attacks continues to rise and currently stands at 16.9 percent.
Several large companies today are under the purview of ransomware attacks, and the impact is only getting advanced with time. The entire cybercriminal world has been taken over and it seems like there is no end to it. What’s alarming is the fact that while enterprises in India are spending more on cybersecurity each year, organizations are still not confident of their ability to sense, resist and respond to cyber threats.
In one of our earlier reports we had found that over 180 Indian companies were victims of ransomware online extortion schemes in the first six months of 2016, causing a loss of a whopping $3 billion.
Q. Recently around 10,000 website databases of MongoDB were hijacked by attackers who were demanding hefty ransoms for the data to be restored. There were some victims who paid the ransom in order to recover their files. What should be worrying CIOs and CISOs on this front?
To understand this in its entirety, we need to comprehend the modus operandi behind what really motivates cybercriminals, which is largely to instill ‘fear’, at a very primordial level to achieve their larger objective of creating disruption. They extort money from companies with the help of ransomware using fear as an effective tactic. The fear to part with vital information or customer files along with the dreading fear of public exposure makes companies abide by the demands of the attackers.
With the number of internet of things (IoT)-enabled devices increasing, ransomware is all set to enter another revolution. Cybercriminals have already started attacking smartphones and the day is not far when wearable devices will also be on their list. In fact, smart TVs are already under their radar.
A recent survey carried out by a leading consulting firm found that outdated information security architecture and controls is a key factor that has increased the risk exposure for India Inc over the last 12 months. What is interesting to take cognizance of, is that vulnerabilities related to mobile computing, social media and cloud computing feature prominently as contributing to enhanced risk exposure for corporate India. Among threats, the majority believe that cyber-attacks are primarily targeted at defacing/disrupting organizations or towards stealing intellectual property or data, followed by fraud.
Enterprises need to be coherent to the fact that attacks are getting more hybrid and many a time difficult to detect. There were 50 ransomware families found between January and May 2016. Blackshades, Apocalypse, Jigsaw, CryptXXX are just some of the popular names that we saw in 2016. In a typical situation, when a company is attacked by a particular ransomware, others begin analyzing security measures for the same ransomware to stay protected. Cybercriminals of course are aware of this strategy and therefore, keep releasing new mechanisms with every next attack.
Q. What are the immediate steps needed to sail through these choppy waters?
The right information is the key to block ransomware attacks. A business can fight any attack if they understand the vital facts, trends, and lesser known facts about ransomware. Some of these revelations are startling enough to warrant the CIO, CISO and CTO of organizations to take a closer look at their cyber security framework and ascertain if the necessary checks and balances are in place.
As per our research we found that 76 percent of ransomware attacks originate from spam or spammed links sent to end users. Therefore, the first step to be taken by companies is – install stronger spam filters. Only 16 percent of the ransomware attacks come from other sources like hacking, compromised software or malicious apps downloaded from the app store. The remaining 8 percent are said to enter from malware or hampered websites.
India faces 7 ransomware attacks per hour and ranks third in Asia Pacific when it comes to ransomware attacks and a majority of these were done by crypto-ransomware.
What’s needed is a proactive and systematic approach towards having organizations ready and vigilant of impending threats that loom large over most of the enterprises, whether big or small, and having a robust cyber security framework/mechanism in place that would serve as a watchdog over the organization. For instance, our ‘Worry Free Services’ aims to proactively stop any ransomware variants. Companies need to deploy end point solutions that come with behavior monitoring along with application control features.
Q. Ransomware-as-a-Service (RaaS) is allowing wannabe hackers to cash in on cyber extortion with ease and minimal expense. What is the modus operandi?
Yes, there are some Darknet service providers who offer Ransomware-as-a-Service. They let cybercriminals use their platform, set up a ransom price and bitcoin address. RaaS providers in turn charge 10 percent for every victim who pays ransom.
As per FBI reports, USD 209 million was paid as ransom in just the first three months of 2016. The number obviously kept increasing through the rest of the year, indicating how companies are largely affected by ransomware.