Gujarat has been the target of increasing cyber-attacks in the past two years. Hackers have attacked pharmaceutical and manufacturing companies, gained access to the Gujarat database from a big B2B website, and stolen 800GB worth of data related to taxpayers from the GST department, according to sources in cyber police.
Ransomware is fast emerging as the most preferred way to attack data, demand a ransom and restore the status quo only after the unethical hackers have made big bucks.
In simple terms, ransomware is a type of malware from crypto-virology that threatens to publish the victim’s personal data or permanently block access to it unless a ransom is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called crypto-viral extortion.
A state-based chemical manufacturing unit came to a grinding halt in November last year when its operational systems (OTs), including automation, were infected with malware, and the hackers demanded a large sum in cryptocurrency.
Experts pointed out that while such attacks are commonplace and the firm even had a data backup, what set the case apart was the threat by the hackers. They had already extracted crucial data and threatened to release it on the dark web or on the surface web if the ransom was not paid. Sources said that the case was settled with payment after negotiations.
But not many business units were this lucky, said city-based cybercrime experts. Even after paying the sum, many lost data forever for lack of a decryption key.
According to Sunny Vaghela, founder CEO of a city-based cybersecurity firm, 2022 saw many businesses targeted by hackers. “While ransomware has been common, we saw emergence of exfiltration post pandemic,” he explained.
In common terms, data exfiltration is data transfer through malware in one go or over a prolonged period. “If trade secrets or crucial data related to formulations are out, it can lead to severe losses. Prevention is better than cure,” said Vaghela, adding that a majority of the firms don’t reveal the attacks or modus operandi to save face. He is hopeful that the proposed Data Protection Bill may change this with disclosure of cyberattacks.
Explaining the trend, Nilay Mistry, associate professor of cybersecurity and digital forensics at National Forensic Sciences University (NFSU), shared: “The hybrid virus takes on the properties of more than one virus. Malware and ransomware take codes from multiple sources so as to make it more robust and delay its detection. Thus in a majority of cases, detecting the source becomes difficult with attackers bouncing off their IPs across the globe – we often see attacks originating from Bahamas, China and/or Peru. SCADA (supervisory control and data acquisition) and OT attacks are becoming common.”