Is Indian Govt Ready For Ransomware Attacks?

by Priyanka Pugaokar    May 27, 2016

The ghost of ransomware has haunted organizations worldwide, and now it seems that the notorious malware has put India on centre stage. In what could be termed the biggest hacking attempt, cyber criminals recently targeted the Maharashtra government’s headquarters in Mumbai. The malware reportedly infected computer systems to steal sensitive data in the Mantralaya. Though the IT department successfully averted the potential damage, the incident has once again brought the government’s security robustness under scrutiny.

The malicious software named ‘Locky ransomware’ targeted computer systems in the Mantralaya last week. The malware reportedly infected 150 computer systems, mostly in Revenue, Public Works Department and some isolated computers in other departments. According to Principal Secretary, IT, V K Gautam, the malware sneaked into the Maha LAN system through spam mail and started encrypting the documents, PPT and other files into ‘Locky’ files. When staff tried to open the encrypted files, the system asked them to pay ransom in Bitcoins for access. 

These computers have now been isolated and sent for forensic tests. The government claimed that the potential damage was averted and no damage has been caused to files. Following the incident, the IT department has fortified its server and data center. The government has also directed its employees to strictly use their official IDs for both internal and external communication and will soon issue an advisory to employees to exercise caution while using storage devices procured without authenticating their sources.

Ransomware continues to haunt 

Ransomware has inflicted serious damage on entities worldwide. According to the latest FBI report, ransomware infections caused more than $1.6 million in losses in 2015 for individuals and businesses. Earlier this month, Kansas Heart Hospital in Wichita was hit with ransomware. Another health care entity, Hollywood Presbyterian Medical Center, reportedly paid hackers a ransom of 40 Bitcoins, approximately $17,000, to decrypt its encrypted data.

India has also witnessed serious ransomware attacks in recent years. According to Symantec, India ranks second among Asian countries in ransomware attacks received. India receives over 60,000 ransomware attacks per year, of which 86 per cent are crypto-ransomware. Major banks and pharmaceutical companies were hit by the malware earlier this year. According to reports, hackers asked these entities to pay one Bitcoin for each encrypted file. The organizations reportedly paid the extortion money to free up computers belonging to top executives. Research firm Malwarebytes said that LeChiffre malware, which means “encryption” in French, was responsible for this attack campaign.

Govt websites soft target of hackers

Cyber criminals are increasingly targeting government and defense entities. Over 700 government websites hosted under ‘gov.in’ and ‘nic.in’ domains have been hacked by cyber criminals since 2012. Hackers hijacked 15 websites of various government departments, including Assam Police, Sarva Siksha Abhijan Mission and Directorate of Elementary Education, in 2015. The Kerala government’s website and the website of the Gujarat Government’s Director of Primary Education were also allegedly hacked in the same year. In a recent incident, suspected hackers from Pakistan brought down an IRS website meant for Indian Revenue Service officials. In March this year, reports surfaced online claiming that Al Qaeda hacked the Indian Railways website.

Despite the serious implications of ransomware, most security breach incidents in India go unreported. The BFSI, insurance and telecom verticals are more prone to DDoS attacks. Similarly, attackers around the world keep targeting various government institutes. Unfortunately, very few cases are exposed in the public domain.

Where does govt’s preparedness stand?

Considering the seriousness of cyber war, the Prime Minister’s Office (PMO) created the position of the National Cyber Security Coordinator in 2014. However, the country still lacks a robust national security architecture that can respond to cyber threats in real time. India currently has a top layer of agencies performing cyber operations, such as the National Technical Research Organization (NTRO), the National Intelligence Grid (NIG), and the National Information Board (NIB). There is also an additional layer of ministries performing governance functions. The civilian institutions in the country also have their own firefighting agencies to counter cyber attacks. However, considering the complex cyber security landscape in the country, there is a lot more to add to the current security architecture.

The recent attack on the Mantralaya is an indication that the government needs to deploy a robust security mechanism in government premises. Considering the fact that humans are the weakest link in the security infrastructure, emphasis should be placed on cyber security awareness. A fully operational cyber command is the need of the hour; therefore, the government should consider building its offensive cyber capabilities to tackle cross-country attacks.