After years of crippling ransomware attacks, federal agencies fought back with some unique out-of-the-box solutions in 2022 finds Satyen K. Bordoloi.

When the ransomware attack on AIIMS paralysed India’s premier hospital in Delhi in November last year, the Indian government finally woke up to the threat of cybercriminals. At though, we had a ‘we-told-you-so-moment’ as we had flagged the same issue here six months ago.

Yet, there is good news on the Ransomware front. As per an analysis by a blockchain company Chainalysis, “2022 was an impactful year in the fight against ransomware. Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before.” This suggests a 40% reduction in payment to these hackers.

Researchers at the firm Coveware also found that in the last four years, the number of victims paying up after a ransomware attack fell to 41% in 2022 versus 76% in 2019. This is significant and was achieved by some out-of-the-box thinking.

The Threat from Ransomware

Ransomware is to the digital world what kidnapping is to the real. In a ransomware attack, hackers gain access to computing systems through malicious code implanted into devices using various methods. They then proceed to lock up the system. A user can get access back only after they pay the ransom demanded. The ‘ransom’ is the reason this type of hacking software is called ransomware.

Take the AIIMS hack. The attack locked out all digital systems in the hospital and as per a PTI source, the hackers demanded around Rs. 200 crores in cryptocurrency to restore it. In a written reply to Rajya Sabha in mid-December, the government said “Based on current analysis by concerned stakeholders, five servers of the AIIMS were affected and approximately 1.3 terabytes of data were encrypted.” The data of about 3-4 crore patients could have been compromised in this attack which includes data of many important persons in the nation from both politics and business.

In May 2021, Colonial Pipeline – an American oil pipeline system carrying oil mainly to the South-Eastern United States, was hit with the DarkSide ransomware that impacted computerized equipment managing the pipeline. The company had to shut down all pipeline operations to contain the attack affecting 45% of the US’ East Coast fuel supply. Panic buying shot up fuel prices leading President Joe Biden to declare a state of emergency on May 9. The company had to pay $4.4 million worth of Bitcoins to get back control of their systems. The chaos lasted a week.

How the World is Fighting Back

In what can be termed hacking the hackers, in July 2022, the FBI in the US gained access to the secret servers used by hackers of the ransomware group called Hive where they stored encryption keys. Instead of disclosing their find, they kept the news to themselves and gave away these keys free to victims before they paid attackers, causing the hackers a potential loss of at least 130 million dollars.

The FBI said in a press release, “Since infiltrating Hive’s network in July 2022, the FBI has provided over 300 decryption keys to Hive victims who were under attack. In addition, the FBI distributed over 1,000 additional decryption keys to previous Hive victims.” This shift in strategy from trying to arrest criminals to helping victims means that they have taken away the economic incentives that make cybercrimes profitable.

Image Credit: Coveware

But the most important change has been what the companies themselves are doing. Coveware found that “A heightened appreciation for existential risk of a ransomware attack has substantially increased funding to enterprise security and incident response teams. High-profile attacks such as Colonial Pipeline were very effective in kicking off a fresh wave of investment in security and continuity assets.”

The report added, “Companies that are better able to defend themselves do not succumb to attacks as frequently. Enterprises with well-practiced incident response processes are less likely to experience material impact (which may result in a ransom payment) when an attack is successful. Less successful attacks and fewer attacks that necessitate a payment have squeezed the overall probability of payment down and to the right.”

How India is dealing with the problem

After the Colonial Pipeline incident in 2021 awakened the US to the problem of ransomware, authorities there acted swiftly. Perhaps this squeeze in the US has led cybercriminals to target other countries, which might have led to the AIIMS attack. However, just like in the Colonial Pipeline incident, the AIIMS hack has woken the Indian government to the dangers.

The Print found that the central government is working on a task force to prevent hacking in India. The force is to be called the National Counter Ransomware Taskforce (NCRT) and is one of the many measures discussed at a meeting of directors general of police held in January this year. A three-fold security measure was discussed at the meeting which includes building an integrated national task force and drawing up National Information Security Policy Guidelines (NISPG).

Market Share of the Ransomware attacks (Image Credit: Coveware)

However, India needs to do a lot more as the nation’s security agencies are not well equipped to deal with this situation, and even India’s legal system isn’t prepared to handle such cases. Thus a 360-degree solution to the problem that will take all stakeholders into account – from private citizens to businesses, and from law enforcement agencies to the judicial system needs to be worked out if India has to deal with the problem effectively. This is particularly important if the attention of cyber hackers has shifted from developed countries in the west to those like India.

Maybe a global task force is the need of the hour where a cooperation regime like Interpol can be formed to have security agencies of different nations work together and coordinate their response to this menace. If the hackers can operate beyond nationalities, so must the ones who want to catch them.

In case you missed:

Satyen is an award-winning scriptwriter, journalist based in Mumbai. He loves to let his pen roam the intersection of artificial intelligence, consciousness, and quantum mechanics. His written words have appeared in many Indian and foreign publications.

Leave A Reply

© Copyright Sify Technologies Ltd, 1998-2022. All rights reserved