Is India Inc. & Government ready for Ransomware apocalypse?

Source :Sify
Last Updated: Wed, Nov 10th, 2021, 18:34:09hrs

Something unprecedented has happened in the Dark-web and the hacking world that should set alarm bells ringing worldwide, India Inc and the Government of India included. For the first time ever, hackers are emboldened enough to license ransomware to other criminals and are recruiting coders from the open market.

As per Gemini Advisory – a group working on cyber threats – and as reported by the Wall Street Journal (WSJ), FIN7, a hacking group that the US Department of Justice connects with over $3 billion in financial losses caused by credit card fraud and which last year ventured into ransomware, has set up a company called Bastion Secure to recruit hackers openly. Bob McMillan, who covers cybersecurity for the WSJ, says in this podcast, "They started developing their own version of ransomware. At first, it was something they used themselves, but by November 2020 they started marketing it, producing it as a software as a service (SaaS)."

Their ransomware version is called DarkSide, and putting it out as SaaS via an online interface means any criminal organisation anywhere can log into a specified portal and use it to try to hack any system connected to the internet, anywhere in the world, and demand ransom. To put it simply: with this move FIN7 becomes the Uber, Airbnb, or Zomato of the hacking world.

This is dangerous. Before we learn why, let's understand what ransomware is.

In a ransomware attack, hackers gain access to computing systems through malicious code implanted into the devices using various methods. Then they proceed to lock up the system. A user can regain access to a locked system only by paying the ransom demanded. The 'ransom' is the reason this type of hacking software is called ransomware.

A few years ago ransomware was not the main hacking method for cybercriminals. Even when it was used, the payment demanded to free the systems was a small sum of money. In the last few years, though, attackers have become extremely bold.

On May 7 this year, Colonial Pipeline, an American pipeline system carrying oil mainly to the South-Eastern United States, was hit with the DarkSide ransomware, which impacted computerised equipment managing the pipeline. The company had to shut down all pipeline operations to contain the attack, thus affecting 45% of the East Coast's fuel supply. Panic buying shot up fuel prices, leading President Joe Biden to declare a state of emergency on May 9. The company had to pay $4.4 million worth of Bitcoin to get back control of their systems. This took around a week.

This might have been the most visible ransomware attack, but it was not the only one on US soil. Buffalo Public Schools, Acer, CNA Financial, Applus Technologies, Quanta Computer, ExaGrid, Ireland's Health Service Executive (HSE), Toshiba, Guess, etc. are known victims. Many more pay the ransom quietly, so the crimes committed against them are never recorded.

The reason for the recent increase in ransomware attacks is our digital overdependence due to the pandemic and, more importantly, cryptocurrencies. Cryptocurrencies are the favoured payment method of hackers because most are either entirely untraceable or extremely difficult to trace, leaving little to no trail. In fact, the US FBI, which helped recover the majority of the sum paid in the Colonial Pipeline heist, does not recommend paying a ransom.

This same DarkSide ransomware used in that attack – in a take on SaaS – is now being sold to affiliates by FIN7 using the Ransomware-as-a-Service (RaaS) distribution model. This means these attacks will now be carried out by affiliates, and FIN7 will take a cut from them.

Why should India Inc. be bothered? GoI's own data shows 1.16 million cases of cyberattacks reported in 2020, three times more than in 2019 and 20 times more than in 2016. This means an average of 3,137 cybersecurity-related issues were reported every day in 2020 in India.

A recent report by Check Point Research states that, amongst all nations in the world, "India has seen the most number of attack attempts per organization, with an average of 213 weekly attacks since the beginning of the year. This is followed by Argentina with 104 per organization, Chile with 103, France 61, and Taiwan 50."

It's not tough to guess why. Though parts of India – Bangalore and Pune particularly – house the back office of the tech world, as a nation we are bad at cybersecurity. Most computers and computerised systems in India run with little or outdated anti-virus software. Even operating systems are old or not updated. I have seen corporate systems still running Windows XP.

Ransomware is hardly the only type of cyberattack that corporations, governments and individuals have to deal with. The others, some of which are used by ransomware hackers to infect a target system, are malware, phishing, SQL injection attacks, Cross-Site Scripting (XSS), Denial of Service (DoS), session hijacking and Man-in-the-Middle attacks, credential reuse, etc.

What FIN7's RaaS or SaaS does is make ransomware easy for anyone to use. You don't even need hacking experience to cripple a system. Anyone can agree to their terms of bounty-sharing and use their system.

If the GoI doesn't care because they think ransomware is just a corporate problem, they are gravely mistaken. Firstly, the biggest ransomware attacks in India have been on its various governments. Besides, as the Colonial Pipeline fiasco shows, the effects of even a corporate ransomware attack can be crippling to the nation. An attack on BPCL, HPCL, or ONGC could affect the nation's oil supply. What if terrorists lock out the systems of a nuclear power plant? What if a hostile foreign nation wants to hack our most important installations?

Though in his 15 August 2020 speech PM Modi said that India would soon have a comprehensive cyber-security policy, nothing has happened so far. Though we are covered by the antiquated National Cyber Security Policy – 2013, even that has not been fully implemented 8 years on.

India is thus a terrible ransomware disaster waiting to happen. Or should we say that, with 3,000-plus cybersecurity-related incidents a day (the unrecorded ones could be many times more), we are already facing the slow burn of an ongoing apocalypse? GoI must work on it proactively. India Inc. needs to build pressure on GoI on this and make them realise that today the sovereignty of the nation is not protected just at the border, but also by securing every single one of its digital installations.

Lastly, but most importantly, India Inc. and GoI should remember that the well whose water will douse the fire has to be dug long before disaster strikes.

Image attributed to Tony Gutierrez for AP News.

(Satyen K. Bordoloi is a scriptwriter and journalist based in Mumbai. He loves to let his pen roam the intersection of artificial intelligence, consciousness, and quantum mechanics. His written words have appeared in many Indian and foreign publications.)
