Ransomware, which has become a headache for the corporate sector worldwide, affected India badly in 2019, with three prominent ransomware families targeting Indian businesses, a new report said on Tuesday.
Global cybersecurity firm Kaspersky Security identified three families as the most notorious — Ryuk, Purga and Stop.
India was attacked by all three groups of ransomware — 5.84 per cent by Ryuk, 0.80 per cent by Purga and 10.10 per cent by Stop. Ryuk appeared on the threat landscape more than a year ago and has since been active all over the world, in both the public and the private sector. Its distribution model usually involves delivery via backdoor malware which, in turn, spreads by means of phishing with a malicious attachment disguised as a financial document.
Purga malware has been known since 2016, yet only recently have municipalities been found to fall victim to this trojan, which uses various attack vectors – from phishing to brute-force attacks.
Stop malware is only one year old. It propagates by hiding inside software installers. The malware has been popular, ranking seventh among the top 10 most popular cryptors of Q3 2019.
According to Kaspersky Security, 2019 has been the “year of ransomware attacks on municipalities”. The researchers observed that at least 174 municipal institutions, with more than 3,000 subset organisations, were targeted by ransomware during 2019 – a 60 per cent increase from 2018.
“While threat actors’ demands would sometimes reach up to $5,000,000, actual costs and damages sustained during attacks are estimated to be larger,” the findings showed. “One must always keep in mind that paying extortionists is a short-term solution which only encourages criminals and keeps them funded to quite possibly return. In addition, once the city has been attacked, the whole infrastructure is compromised and requires an incident investigation and a thorough audit,” said Fedor Sinitsyn, a Security Researcher at Kaspersky.
“While the trend of attacks on municipalities is only growing, it can be stifled and nipped in the bud by adjusting the approach to cybersecurity and, what is more important, by the refusal to pay ransoms and broadcasting this decision as an official statement,” he added.
Judging by publicly available information, the ransom amounts varied greatly, reaching up to $5,300,000 and averaging $1,032,460. The researchers noted that these figures do not accurately represent the final costs of an attack, as the long-term consequences are far more devastating.
To avoid such malware infiltrating organizations, it is essential to install all security updates as soon as they appear. “Most cyber attacks are possible by exploiting vulnerabilities that have already been reported and addressed, so installing the latest security updates lowers the chances of an attack,” said the report.