Home / Technology / News /  Cyber extortionists intensify attacks on small Indian firms

NEW DELHI : Even as small businesses in India struggle to comply with the Indian Computer Emergency Team’s (CERT-In) new cybersecurity rules, cyber extortionists globally are turning their attention to them.

According to a report published by security firm NordLocker on Tuesday, small businesses (with up to 500 employees) comprised 54% of ransomware attacks in the country between January 2020 and July 2022.

Cyber extortionists, often referred to as ransomware gangs, break into a company’s network and block access to crucial and sensitive files, and demand ransom to return the access. The company and its employees are blocked from accessing any of the files till the ransom is paid, resulting in business disruption and financial loss. Many of these gangs are now offering ransomware-as-a-service (RaaS) leading to proliferation of such attacks.

A security researcher working with a leading consulting firm said such gangs run like any other businesses. They have multiple departments like HR, finance, administrators, coders and researchers. They even have policies on how the hackers should process their code, and share best practices to keep the group’s members hidden. For instance, last December, a small town book publisher from West Bengal was hit with one such attack. The firm’s chief executive, who requested anonymity, said they have been paying the ransom in instalments for eight months but have still not been able to gain access to all the files.

An October 2021 report from Gartner had warned that on an average, only 65% of data is recovered from such attacks, and only 8% of organizations recover all of their data. Similarly, the IT head of a healthcare solution provider that runs a chain of diagnostic centres across eastern India, said its customer database was destroyed in an attack during the peak of the pandemic. The company informed the CERT-In, but had to rework its entire database and software before resuming regular operations. 

According to the Nordlocker report, Lockbit, Rangar Locker, BlackCat, Egregor and the Comming Project are the top ransomware gangs operating in the country. These are among the best known and most active globally.

For instance, in March this year, Madrid-based customer relationship management (CRM) services provider Atento, said in a report that a Lockbit attack on the firm from October 2021 resulted in revenue losses of $34.8 million. LockBit and Ragnar Locker were the most active ransomware gangs in India, accounting for 13% and 7.8% of attacks, respectively, the report said.

According to Tomas Smalakys, CTO of NordLocker, ransomware gangs pick their target based on their propensity to pay the ransom, which is determined by the company’s “importance in supply chain" networks and the amount of “confidential information" it is handling. In many cases, it is determined by the “depth of the company’s pockets," added Smalakys.

Manufacturing firms in India today cater to large businesses overseas, especially in sectors like electronics and appliances. In fact, the NordLocker report noted that 41.5% of the targeted companies had annual revenues between 800 crore and 4000 crore. In August, the CERT-In said that ransomware attacks on Indian organizations increased by 51% in the first half of this year.

“The ransomware situation in India is alarming. The numbers of victims, ransom payments, and the impact of these attacks continued to rise during the first half of 2022, at considerable cost," warned Parag Khurana, country manager, India & SAARC at Barracuda Networks. He said that Phobos is another ransomware that targets small businesses in India.

Others include Conti, which extorted $180 million from victims worldwide in 2021, according to a report by research firm Chainalysis.

A single cyberattack through RaaS often involves multiple cybercriminals working at different stages, making it difficult to hold any single group accountable for an attack. “Sometimes two separate ransomware gangs will collaborate on a cyberattack, known as double encryption. More and more ransomware victims are finding they are being attacked by multiple gangs, with attacks taking place in a matter of days or weeks apart," said Prateek Bhajanka, security expert and technology strategist for cyber security firm SentinelOne.

Subbu Iyer, regional director for India and ASEAN, at Forescout Technologies, attributed the increase in ransomware to the ongoing “digital transformation wave" even as the cybersecurity teams in most companies are “perennially understaffed and under-resourced."“Poor knowledge of digitization, lack of cyber skills, and inadequately trained cybersecurity professionals are some of the factors leading to elevated cyber threats," he added.

abhijit.ahaskar@livemint.com

ABOUT THE AUTHOR

Abhijit Ahaskar

Abhijit writes on tech policy, gaming, security, AI, robotics, electronics and startups. He has been in the media industry for over 12 years.
Catch all the Technology News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.
More Less

Recommended For You

Trending Stocks

×
Get alerts on WhatsApp
Set Preferences My ReadsWatchlistFeedbackRedeem a Gift CardLogout