India Saw 53% Increase In Ransomware Attacks In 2022; IT And ITeS Worst Hit: CERT-In

Most ransomware groups are exploiting known vulnerabilities for which patches are available. (Image: Reuters)

CERT-In said that India saw a 53 percent increase in ransomware incidents in 2022 (year-on-year) and IT and ITeS were the major affected sectors.

India’s national cyber agency CERT-In has said in its latest report that India saw a 53 per cent increase in ransomware incidents in 2022 (year-on-year), and that IT and ITeS were the major affected sectors, followed by the finance and manufacturing sectors.

According to the “India Ransomware Report 2022”, ransomware players targeted critical infrastructure organizations and disrupted critical services in 2022 to exert pressure and extract ransom payments.

“Variant wise, LockBit was a prominently observed variant in the Indian context, followed by Makop and DjVu/Stop Ransomware. 2022 saw many new variants like Vice Society, Blue Sky etc.,” CERT-In said.

Last year, a massive ransomware attack disrupted systems at the All India Institute of Medical Sciences (AIIMS), crippling its centralized records and other hospital services.

As per the CERT-In report, the LockBit, Hive, ALPHV/BlackCat and Black Basta variants became major threats at the large enterprise level, while Conti, which was very active in 2021, went extinct in the first half of 2022.

“The Makop and Phobos ransomware families primarily target medium and small organizations. At the individual level, the Djvu/Stop variant has continued to dominate attacks over the past few years,” the report said.

Most ransomware groups are exploiting known vulnerabilities for which patches are available.

Some of the product-wise vulnerabilities being exploited are in products from tech companies such as Microsoft, Citrix, Fortinet, SonicWall, Sophos, Zoho and Palo Alto, the report said.

Ransomware gangs commonly use Microsoft Sysinternals utilities such as PsExec for lateral movement.

The average recovery time for a reasonably large infrastructure network is about 10 days.

“For small networks/infrastructure, the restoration time is around 3 days and for individual systems it is 1 day,” the CERT-In report said.

Ransomware gangs are becoming more innovative in their approach in order to improve the operational efficiency of their attacks.

“Ransomware builders are focusing on speed and performance. Instead of encrypting the entire file, a portion of the file is being targeted for encryption to save time. Leveraging multithreading for faster encryption and decryption of files is being picked up,” the report noted.

(This story has not been edited by News18 staff and is published from a syndicated news agency feed)