Are ransomware attacks increasing in India?

Source: The post is based on the following articles

“The AIIMS cyber attack is a wake-up call for national security” published in the Indian Express on 1st November 2022.

“Are ransomware attacks increasing in India?” published in The Hindu on 1st November 2022.

Syllabus: GS 3 – Basics of cyber security.

Relevance: About the recent ransomware attack on AIIMS.

News: The recent massive ransomware attack has crippled the e-hospital services of AIIMS, Delhi for seven days.

What is ransomware?

Ransomware is a type of malicious software, used by cyber criminals, to infect a computer system by blocking access to the stored data by encrypting the files. A ransom is then demanded from the owner in exchange for the decryption key.

A cybersecurity firm, in its third-quarter global report, has identified 25 major ransomware in circulation. According to Interpol’s first-ever Global Crime Trend report, ransomware was the second highest-ranking threat after money laundering, at 66%. It is also expected to increase the most (72%).

Why is AIIMS targeted by ransom seekers?

Many countries consider the health and medical sector as critical information (CI) infrastructure. But in India, health is not specified directly as a CI. However, an organisation like AIIMS is a natural target for cyber attackers and ransom seekers because:

a) AIIMS databases contain the personal information of patients – including political leaders, senior administrators and judges – and their healthcare records, b) AIIMS handles and stores very sensitive medical research data, and c) AIIMS New Delhi could be counted as a “strategic and public enterprise” as it deals with crores of patients.

How did India handle the AIIMS ransomware attack?

The Delhi Police used the provisions of section 66 (F) of the Information Technology Amendment Act 2008, thereby identifying the AIIMS incident as a case of cyber terrorism. This is significant and indicates a much larger ambit than a typical ransomware case.

Which agencies in India deal with cyber-attacks?

Indian Computer Emergency Response Team (CERT-In): It is the national nodal agency that collects, analyses and circulates inputs on cyber-attacks; issues guidelines, advisories for preventive measures, forecasts and issues alerts; and takes measures to handle any significant cyber security event.

National Cyber Security Coordinator: It functions under the National Security Council Secretariat. It coordinates with different agencies at the national level on cybersecurity issues.

National Critical Information Infrastructure Protection Centre: It has been set up for the protection of national critical information infrastructure.

Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre): It has been launched for detection of malicious software programmes and to provide free tools to remove the same.

National Cyber Coordination Centre: It works on creating awareness about existing and potential threats.

What should be done to protect India’s critical infrastructure?

The AIIMS incident is a wake-up call for organisations across sectors to shore up cyber security measures. This can be done by:

Announcing a national cyber security strategy: This will be a guiding document to motivate and monitor the cyber readiness of institutes and also enhance capacity on many fronts including forensics, accurate attribution and cooperation.

Increased budget for cyber security measures: Significant budgets have to be allocated by various ministries to ensure cyber security measures.

Capacity enhancement: The capacity of the National Critical Information Infrastructure Protection Centre (NCIIPC) and CERT-In has to be enhanced to address the emerging sophisticated nature of threats and attacks. Further, sectoral CERTs have to be set up for many areas including health.

International cooperation: This will help India to gain more knowledge and power. For this, India has to move beyond the Group of Governmental Experts (GGE) meetings and the US-led Counter Ransomware Initiative (CRI) of 37 countries and the European Union.
