India, referred to as a “global sweet spot,” boasts strong economic growth and an impressive technology ecosystem that demonstrates how critical international collaboration is to its ongoing development. By focusing in on India’s growing ransomware attacks, cybersecurity professionals can analyze the consequent effects and learn how to better prepare to protect enterprises on a larger scale. India’s global influence on the technological world underscores an international culture of crisis management and security against ransomware in order for businesses to properly protect themselves.
Ransomware attacks are on the rise in India. In 2022, India saw a 53% increase in ransomware attacks, according to the India Ransomware Report 2022 by CERT-In. The IT and ITeS sector was the most affected, followed by finance and manufacturing. Ransomware groups targeted critical infrastructure organizations and disrupted critical services to pressure and extract ransom payments. The most active ransomware families at the large enterprise level were Lockbit, Hive, ALPHV/BlackCat and Black Basta. Conti, which was a major threat in 2021, became extinct in the first half of 2022. At the medium and small organization level, the most active ransomware families were Makop and Phobos. At the individual level, the Djvu/Stop variants continued to dominate attacks.
Additionally, according to a recent report by Check Point, India saw an 18% surge in weekly cyberattacks in the first quarter of 2023. This is a concerning trend, and it highlights the importance of taking steps to protect your organization from ransomware attacks.
Ransomware’s Impact in India
Ransomware is a type of malware that encrypts a victim’s files and demands a ransom payment in exchange for the decryption key. Ransomware attacks can have a devastating impact on victims. In addition to the financial cost of the ransom, victims may also lose access to critical data, which can lead to business disruption and reputational damage.
Here are three case studies of ransomware attacks that have affected organizations in India:
- All India Institute of Medical Sciences (AIIMS)—In 2022, the All India Institute of Medical Sciences (AIIMS) was hit by a ransomware attack. The attack encrypted patient data and demanded a ransom payment of US$1 million. AIIMS refused to pay the ransom, and the attackers released the data on the dark web. The data included patient names, addresses, medical records and financial information. The attack had a significant impact on AIIMS, and the hospital was forced to shut down its IT systems for several days. The attack also raised concerns about the security of patient data in India.
- Nagpur’s Solar Industries Limited—In 2023, Solar Industries Limited (SIL), an industrial and defense explosives manufacturer based in Nagpur, India, was hit by a ransomware attack. The hackers, who identified themselves as BlackCat or ALPHV, claimed to have stolen 2 terabytes of data from the company's servers. The Central Bureau of Investigation (CBI) has since launched an investigation into the attack.
- Fullerton India—In 2023, Fullerton India, a NBFC, was targeted by a ransomware attack in April 2023. The attack was carried out by Lockbit 3.0, a ransomware group known for its sophisticated attacks and high ransom demands. Fullerton India refused to pay the ransom, and the attackers released over 600 GB of data from Fullerton India onto the dark web. The data included customer information, financial data and intellectual property. The attack had a significant impact on Fullerton India, and the company is still recovering.
These are just three examples of the many ransomware attacks that have affected organizations in India. These attacks have had a significant impact on businesses of all sizes, and they highlight the importance of taking steps to protect organization from ransomware.
The Crisis Management Approach to Ransomware
The traditional approach to ransomware protection has been to focus on preventive measures, such as keeping systems up to date, using strong passwords and educating employees about ransomware. However, these measures are not always effective, and ransomware attacks continue to occur.
A more effective approach to ransomware protection is to focus on crisis management. A culture of crisis management is one in which organizations are prepared for the possibility of a ransomware attack and have a plan in place to respond quickly and effectively.
Here are some key elements of a culture of crisis management:
- Proactive risk assessment and mitigation: Organizations should regularly assess their risk of ransomware attacks and implement proactive measures to mitigate those risks. This includes measures such as patch management, vulnerability scanning and intrusion detection systems.
- Continuous employee training and awareness: Employees should be educated about the risks associated with ransomware attacks, common attack vectors and best practices for cybersecurity hygiene. Organizations should conduct regular training sessions, workshops and awareness campaigns to keep employees up to date with the evolving threat landscape.
- Incident response planning and testing: Organizations should develop a comprehensive incident response plan that outlines clear roles, responsibilities and protocols for responding to ransomware attacks. The plan should be regularly tested to ensure its effectiveness.
- Robust backup and disaster recovery strategies: Organizations should establish and maintain regular backups of critical data and systems. The backups should be regularly tested to ensure their integrity and accessibility. Organizations should also implement a well-defined disaster recovery plan that outlines the process for restoring systems and data in the event of a ransomware attack.
- Collaborative approach and cross-functional teams: Organizations should foster a culture of collaboration and cross-functional teamwork. Representatives from IT, security, legal, communications and other relevant departments should be involved in the incident response planning and execution process.
- Post-incident analysis and lessons learned: After a ransomware attack, organizations should conduct a thorough post-incident analysis to understand the root causes, evaluate the effectiveness of response measures and identify areas for improvement. Lessons learned should be documented and implemented to strengthen the organization's security posture and prevent future attacks.
- Regular security audits and assessments: Organizations should conduct regular security audits and assessments to evaluate the effectiveness of existing security controls and identify areas for improvement. External auditors or consultants may be engaged to provide an unbiased assessment of the organization's security practices and suggest remediation measures.
By following these steps, organizations can create a culture of crisis management that will help to protect them from ransomware attacks.
Here are some additional benefits of having a culture of crisis management:
- Increased employee morale: Employees are more likely to be engaged and productive when they feel that their organization is prepared for a crisis.
- Improved reputation: Organizations that are seen as being prepared for a crisis are more likely to be trusted by customers and partners.
- Reduced costs: Organizations that are prepared for a crisis are less likely to suffer from the financial losses that can result from an attack.
Overall, a culture of crisis management can help organizations to be more resilient and better prepared to respond to a ransomware attack.