Deepak Kumar, a senior cyber intelligence professional at the home ministry’s Indian Cyber Crime Coordination Centre, said that the most common ransomware affecting Indian companies currently is DJVU or STOP ransomware.
Explainer
“In India, maximum companies are getting attacked by DJVU/Stop ransomware. We have seen various cases of DJVU including its variants. It is very common”, he said.
DJVU ransomware is a widespread file-encrypting virus that uses cryptographic algorithms to lock the victim’s data on a computer or whole server.
It pretends to be a legitimate service or application to fool victims.
It also partners with other threat groups to give them the option to steal data at the victim’s expense.
Huge spike in cyberattacks
In 2022, the Indian Computer Emergency Response Team (CERT-In) said it observed a 51 percent increase in ransomware incidents in the country in the first half of the business year.
It attributed this spike in cyberattacks to DJVU along with Phobos, a ransomware which “strikes smaller companies and individuals that have less capacity to pay relative to larger businesses”.
AIIMS
In November 2022, premier health institute All India Institute of Medical Sciences, Delhi, was hit by a ransomware attack which paralysed its servers.
A case of extortion and cyberterrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police on November 25.
Kumar said, “Any individual or organisation can get targeted. The method is very clear — first, scanning for vulnerabilities; find vulnerabilities; access data and so on.”
CERT-In explains
Earlier, CERT-In had said that ransomware gangs were focusing on exploiting known unpatched vulnerabilities in public-facing applications to gain entry into the network.
“Compromised credentials of remote access services (VPN/ RDP) are being used by threat actors to gain entry into the network,” it said.
Attack from the inside
Kumar said that a majority of cyberattacks are insider jobs, contrary to the common belief that they happen due to external factors.
Various investigations have shown that most such crimes are insider jobs.
Criminal elements may gain access from innocuous things such as “a document on your desk, which someone could copy it, take an image of it and take it through WhatsApp and so on.”