In January, the computer systems of four Indian companies—three banks and a pharmaceutical firm—were attacked and rendered useless. In February, all the data on the laptop of Chandra Bhushan Tripathi, a Bhopal-based PhD scholar, was wiped without his knowledge. In July, the employees of Shree Dhanwantri Herbals, an Amritsar-based Ayurvedic pharmaceutical company, found themselves logged out of their systems.
These attacks are examples of a disturbing trend in the world of cyber crime: digital extortion. Using ransomware—a type of malicious software designed to block access to data—cyber criminals attack computer systems and demand a ransom, usually in the form of a virtual currency like Bitcoin, from their victims in exchange for their data.
Clearly, extortion is no longer restricted to the physical world. The sinister phone call with that muffled voice demanding a ransom has been replaced by the digital threat that pops up on your computer screen. And this threat has been accentuated by the use of ransomware—hackers need just a keyboard and some nifty coding skills to nab your data, be it browser history, medical records, photographs, personal or financial details. “Ransomware comes on the system in a disguised format (known as a Trojan) such as an attachment in an email, a file downloaded from the Internet and so on. It appears to be harmless. However, the malware has hidden logic (called payload), which works in the background and encrypts the information on the system,” says Atul Gupta, partner, IT advisory and cyber security, KPMG India.
The worrying bit is that a ransomware attack can affect anyone. It is not just personal computers and laptops: smartphones, tablets, servers and wearable devices are all prone to it. This means that individuals and large-scale businesses are at equal risk. “If you have downloaded a pirated software from the Internet, you see only that on your computer. But there might be a ransomware in the background. It’s not necessary that it attacks as soon as you download it. It might take a couple of days… and one fine day, you will wake up to find all your data gone,” says Vidit Baxi, director, technology, Lucideus Tech, a New Delhi-based IT risk assessment and digital security services provider, which has also worked on government projects, the most recent of which was to supervise the end-to-end security of the Unified Payments Interface (a payment system that allows money transfer between any two bank accounts using smartphones).
An array of attacks
The attack on the laptop of the PhD scholar in Bhopal was carried out using a ‘crypto’-ransomware, which encrypts a user’s files and data. According to the latest research by Norton by Symantec, a global leader in cyber security software, ransomware attacks and infections are on the rise, with the number of new ransomware categories and variants discovered annually reaching an all-time high of 100 in 2015. “All but one of the new ransomware variants discovered in 2016 were crypto-ransomware compared to around 80% last year. Crypto-ransomware uses unbreakable encryption on the user’s files. If the victim has no back-up, paying the ransom is the only option,” the research report said. The research also sheds light on the average ransom demanded globally by attackers. This number spiked this year: the average ransom demanded in 2016 was ₹45,428, more than double the ₹19,670 demanded in 2015.
But crypto-ransomware is not the only variant of this malware. Crypto-locker, CryptoWall, CTB-Locker and Locky are some other common types of notorious ransomware that have been discovered in recent years. While it is difficult to determine the exact source of the malware, a part of it comes from the dark Internet—a small portion of the Web that’s not indexed by search engines like Google. Ransomware creators or software are available openly on the dark Net. “The Internet that we know is just 4% of the actual Web. From the dark Net, one can actually get these free-of-cost applications, using which people can create ransomware. And these encryption standards are very tough to crack,” says Baxi of Lucideus Tech.
Interestingly, the Norton report says India ranks fourth on a list of 12 countries impacted the most by ransomware. The US occupies the top spot on the list, which also includes the UK, Germany, Canada, Japan and Russia. The burgeoning number of Internet users in India is a reason ransomware attacks are becoming more prevalent in the country, say experts. In fact, reports say by the end of 2016, India will have around 400 million active Internet users.
People who depend on technology for most of their needs have a high potential of being attacked, says Gupta of KPMG India. One such victim and the latest to be targeted is the healthcare sector, as per a September McAfee Labs Threats Report. The reason? The ageing technological infrastructure in most hospitals. The report listed close to 20 hospitals that were affected either by ransomware or malvertising (the use of online advertising to spread malware) attacks in the first half of 2016. These hospitals are spread across countries like the US, the UK, Germany, Australia and Canada, among others. In one instance, a California hospital was hit by ransomware in February and the hackers asked for a ransom of 9,000 Bitcoins (approximately $5.77 million). The hospital reportedly ended up paying $17,000 to restore its files and systems, suffering a downtime of five working days. “As targets, hospitals present an attractive combination of relatively weak data security, a complex environment and the urgent need for access to data sources—sometimes in life or death situations,” said Vincent Weafer, vice-president for Intel Security’s McAfee Labs, in the report. “The new revelations around the scale of ransomware networks and the emerging focus on hospitals remind us that the cyber crime economy has the capacity and motivation to exploit new industry sectors,” he added.
Controlling the impact
Most cyber security experts and ethical hackers say it’s very difficult to emerge unscathed from a ransomware attack. Sometimes, the pressure from cyber criminals is so intense that there is no other option but to pay up. Take, for instance, the recent case of the daughter of a reputed MNC chief based in India. The daughter had posted her vacation details on Facebook. As per reports, cyber criminals managed to hack into the security cameras of the hotel she was staying at and captured footage of some of her private moments. The CEO was then asked to pay $250,000 as ransom or the video would have found its way to the Internet. The ransom had to be paid since it was too difficult for cyber security experts to track the criminals.
But you aren’t safe even after paying ransom, caution experts. “Even if the victim pays the ransom, there is no guarantee that the data will be decrypted, or made accessible again. And even if the data is decrypted, what is the guarantee that the perpetrator will not trouble you again?” says Baxi of Lucideus.
So what can vulnerable users do to protect themselves? Some methods include keeping all system software up-to-date. Good anti-virus and file recovery software also come in handy in such situations. Computer security experts suggest data back-up as a plausible solution. An effective way of backing up data is the ‘3-2-1’ rule, wherein a user should create at least three copies of their data and store them in two different formats, with at least one copy saved offline, say experts.
As far as big organisations are concerned, the key, say experts, is user awareness. Employees should be given the basic knowledge of what to click on and what not to. There is also a need for the implementation of genuine software and security solutions. Organisations are advised to keep regular back-ups of critical data, so that in case of an attack, they can simply format the entire system and install the back-up.
But like most cyber crimes, there is no definite solution to ransomware attacks. All one can do is control the impact. “There have been multiple attacks across large Indian organisations and these show the enormity of the issue,” says Gupta of KPMG India, adding that financial and IT-enabled services and the telecom industry are highly prone to such attacks in the future in India.