India seems to have emerged as an attractive target for hackers. It emerged as a top victim in the SamSam ransomware attack that was first reported in 2015.

Internet security solution provider Sophos said India ranked sixth among the top victim countries across the world.

SamSam is different from traditional ransomware attacks, which are generally not targeted. Cyber security experts say the attack method is surprisingly manual. It is more like a cat burglar than a smash-and-grab attack. “The attacker can employ countermeasures to evade security tools and if interrupted, can delete all trace of itself immediately, to hinder investigation,” according to Internet security solutions company Sophos.

Hackers have reportedly made a killing launching SamSam ransomware into vulnerable computer systems. In thirty months, they have reportedly collected about $6.5 billion to release the information locked in the systems that were taken hostage by them. The ransom amount was initially pegged at $8,50,000, but with more attacks getting reported, the aggregate amount shot up to $6.5 million.

While the majority of the victims (about 74 per cent) were in the United States, the United Kingdom (8 per cent), Belgium (6 per cent), Canada (5 per cent) and Australia (2 per cent) occupied the subsequent positions. India, along with a few other countries, shared the sixth rank with one per cent share in payouts to the hackers.

What is a ransomware attack?

Hackers lure unsuspecting computer users into downloading a file that contains malicious software, which gives them control of the target computer. Once they gain access to the PC, they lock the information, denying the owners access to it. They then demand ransom money to release the data.

With little help available, most of the victims pay money to gain access to their valuable information.

“Unlike most ransomwares, SamSam is a thorough encryption tool, rendering not only work data files unusable but any programme that is not essential to the operation of a Windows computer, most of which are not routinely backed up,” Sophos, which released a White Paper on SamSam attack, said.

“SamSam’s attacking method is unique as it is manual and as a result, attackers can employ countermeasures (if needed) to evade many security tools,” it said. “If the process of encrypting data is interrupted, the malware is capable of comprehensively erasing all trace of itself immediately, hindering any investigation,” it points out.

“Most ransomware is spread in large, noisy and untargeted spam campaigns using simple techniques to infect victims and demand relatively small sums in ransom,” Peter Mackenzie, Global Malware Escalations Manager at Sophos, observed. “What sets SamSam apart is that it’s a targeted attack tailored to cause maximum damage and ransom demands are measured in the tens of thousands of dollars,” he said.

“Our recently conducted The State Of Endpoint Security Survey revealed that 90 per cent of the businesses in India have either been hit or expect to be hit by ransomware,” Mackenzie said.

Traditional endpoint security is no longer enough to protect against today’s evolving ransomware threats. “This is an attack pattern we’re likely to see an increase in India and it is time for Indian businesses and individuals to synchronize their cybersecurity posture to defend against such attacks,” he said.

How to tackle it?

* Utilize multi-factor authentication for VPN access.

* Complete regular vulnerability scans and penetration tests across the network.

* Activate multi-factor authentication for sensitive internal systems.

* Create back-ups that are offline and offsite.

* Develop a disaster recovery plan.