According to India’s national cyber organization CERT-In, ransomware incidents increased by 53% year over year in 2022, with the IT and ITeS sector the most severely affected, followed by banking and manufacturing.
According to the “India Ransomware Report 2022,” ransomware actors targeted critical infrastructure organizations and disrupted key services in 2022 in order to pressure victims and extract ransom payments.
In terms of ransomware variants, Lockbit was the most often seen in the Indian setting, followed by Makop and DJVU/Stop. In 2022, several new variants, such as Vice Society and BlueSky, were also observed, CERT-In stated.
The computer systems of the All India Institute of Medical Sciences (AIIMS) were hit by a significant ransomware attack last year, which rendered its centralized records and other medical services unusable.
According to the CERT-In report, Lockbit, Hive, ALPHV/BlackCat, and Black Basta variants emerged as significant threats at the large enterprise level, whereas Conti, which was quite active in 2021, became extinct in the first part of 2022.
The Phobos and Makop ransomware families mostly affected medium-sized and small businesses. DJVU/Stop variants have continued to dominate attacks at the individual level over the previous several years, the report added.
The majority of ransomware groups exploit known vulnerabilities for which fixes are available.
According to the report, IT giants including Microsoft, Citrix, Fortinet, SonicWall, Sophos, Zoho, and Palo Alto are among the vendors whose products are being targeted.
“Ransomware gangs often use PsExec and other Microsoft Sysinternals programs for lateral movement,” it said.
For reasonably large infrastructure networks, the restoration period after an infection is often about ten days.
“The restoration period for smaller networks/infrastructure is around 3 days, and for individual systems it is 1 day,” CERT-In said.
To increase the effectiveness of their attacks, ransomware gangs are adopting more creative strategies.
“Performance and quickness are priorities for ransomware developers. To save time, just a certain section of the file is encrypted, as opposed to the full file. For quicker file encryption and decryption, multithreading is used,” the report stated.
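
The partial encryption described above matters for detection, because a whole-file entropy check can miss a file in which only one section has been encrypted. The following is an added example, not taken from the CERT-In report: it scores a file window by window instead. The window size, threshold, function names and sample data are all assumptions constructed for illustration.

```python
import math
import random

CHUNK = 4096   # window size in bytes (assumed value)
HIGH = 7.5     # bits/byte; ciphertext sits near 8.0 (assumed threshold)

def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def split_windows(data, chunk=CHUNK):
    """Cut data into fixed-size windows, dropping a short trailing window."""
    wins = [data[i:i + chunk] for i in range(0, len(data), chunk)]
    if len(wins) > 1 and len(wins[-1]) < chunk:
        wins.pop()  # a short tail gives an unreliable, low estimate
    return wins

def high_entropy_chunks(data):
    """Indices of windows whose entropy looks like ciphertext."""
    return [i for i, w in enumerate(split_windows(data))
            if shannon_entropy(w) >= HIGH]

def classify(data):
    """Return 'clean', 'partial' (only some windows flagged) or 'full'."""
    total = len(split_windows(data))
    hits = len(high_entropy_chunks(data))
    if hits == 0:
        return "clean"
    return "full" if hits == total else "partial"

def make_samples():
    """Constructed data: a text log, the same log with its first two
    windows replaced by random bytes, and fully random bytes."""
    line = b"2022-11-23 10:15:02 INFO record updated id=10234 status=ok\n"
    plain = (line * 2000)[:16 * CHUNK]
    rng = random.Random(2022)
    rand = bytes(rng.getrandbits(8) for _ in range(16 * CHUNK))
    return plain, rand[:2 * CHUNK] + plain[2 * CHUNK:], rand

if __name__ == "__main__":
    for name, blob in zip(("plain", "partial", "full"), make_samples()):
        print(name, round(shannon_entropy(blob), 2), classify(blob))
```

Compressed and media formats are high-entropy in every window by nature, so the useful signal is the "partial" pattern, or any flagged window, in file types that are normally low-entropy.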



























