Ransomware cases in India are on the rise. Adarsh takes you through the causes and implications of the same.


In December 2023, IT services provider HCL Technologies revealed in its quarterly report that it had been the victim of a ransomware incident. The company mentioned that it was an isolated incident within a restricted cloud environment and also added that there was no ‘observable’ impact on their overall network.

But the revelation led to an immediate drop in HCL’s share prices.

Image Credit: Security Intelligence

This is not the only such incident. In November last year, a US-based subsidiary of Infosys – Infosys McCamish Systems – was targeted by a ransomware attack. In similar fashion, Indian drug manufacturer Sun Pharma was also hit by a cyberattack.

But one of the biggest attacks on an Indian establishment was in November 2022, when a ransomware attack halted the All India Institute of Medical Sciences (AIIMS) for days. The hackers had reportedly demanded ₹200 crores in cryptocurrency from the hospital.

Image Credit: Michael Geiger on Unsplash

What the Numbers Say

A 2023 study conducted by cybersecurity company Sophos revealed that 73% of organisations reported being victims of ransomware attacks, which is an alarming rise from the 57% reported in 2022.

Of these, 77% of organisations said that attackers succeeded in encrypting data, with 44% paying the ransom to retrieve their data, a significant drop from 78% in 2022.

Another alarming piece of data is that nearly 44% of these organisations ended up paying ransom ranging between USD 100,000-500,000, as per the survey.

Image Credit: Alpha Photo on Flickr

What is Ransomware?

Simply put, ransomware is a highly disruptive form of cybercrime that employs different tactics to extort ransom from individuals, businesses and in certain cases even governments.

It can lock or encrypt a device or the data on a system and then demand a ransom for its release. A ransomware attack follows a simple plan wherein the attacker gains access to a device or in certain cases data that is protected in the cloud.

Depending on the nature of the ransomware, it will then lock or encrypt the device or the data stored. In certain cases, ransomware has been known to lock or encrypt the entire internal network of an organisation.

Image Credit: Freepik

The Evolution of Ransomware

Ransomware first emerged in the 1990s but it wasn’t a very viable form of cybercrime as anonymity was an issue when it came to extorting money. But ever since cryptocurrency emerged in the late 2010s, cybercriminals have found it easier to monetise ransomware.

In the early 2010s, ransomware employed a ‘spray and pray’ model which targeted a large number of individual users. But these operations had very low returns as there was only so much money these criminals could obtain from individuals.

In 2016, ransomware moved from the ‘spray and pray’ model to ‘big game hunting’. Instead of attacking individuals, the focus shifted to organisations. By deploy ransomware onto thousands of computers within a single company, the criminals could increase their leverage and thus demand a bigger ransom.

Image Credit: Joshgmit from Pixabay

A couple of more modifications were made to the tactics in 2019 which has further streamlined the attacks. By being selective about their victims, the cybercriminals targeted companies that relied on constant delivery of operations. For instance, healthcare is a sector that cannot afford any interruptions and hence would be forced to pay up any ransom to resume their services. (this explains why AIIMS was targeted, as mentioned earlier).

Another change was that apart from stealing data, the ransomware would also encrypt the victim’s data. With dedicated data leaks on various websites or to journalists and by harassing the employees and the clients, they force the victim to pay up faster.

The ransomware ecosystem has largely thrived on dark web forums and marketplaces. But of late, it is becoming rather organized in their approach. Ransomware has even become a business model where the developers are recruiting affiliates to conduct operations for a cut of the profits.

Image Credit: Shutterstock

How to Protect Yourself from Ransomware

As an individual user, your chances of being caught by ransomware are minimal but never zero so employing a few of these tactics would keep you and your data safe.

First up, have a backup of all your important data. Store it offline or out of band so that it cannot be targeted by attackers. Keeping your systems up to date, securing your configuration settings and limiting your port connection only to trusted hosts will also negate the chances of a threat.

Security awareness for yourself and your team is also vital to avoid ransomware attacks. Last but not least, use an Intrusion Detection System (IDS) that looks for malicious activity by comparing network traffic logs to signatures that detect known malicious activity.

The Last Word

As we head deeper into the digital age, the chances of ransomware attacks will only increase. By following the aforementioned tactics, we can hope to stay safe from such threats. Stricter internet laws and crackdown on cybercriminals will also go a long way in preventing or at least reducing these attacks.

In case you missed:

Adarsh hates personal bios, Chelsea football club and Oxford commas. When he's not writing, he's busy playing FIFA on his PlayStation.

Leave A Reply

Share.
© Copyright Sify Technologies Ltd, 1998-2022. All rights reserved