India Ransomware Report 2022

Source: The post is based on the article “India Ransomware Report 2022” published in CERT-IN on 19th April 2023

What is the News?

Indian Computer Emergency Response Team (CERT-In) has released the India Ransomware Report 2022.

What is Ransomware?

Ransomware is a category of malware that gains access to systems and makes them unusable to its legitimate users, either by encrypting different files on targeted systems or locking the system’s screen unless a ransom is paid. 

What are the key findings of the India Ransomware Report 2022?

Ransomware incidents: Overall, there is a 53% increase in Ransomware incidents reported in the 2022 Year over Year. 

Sector impacted: IT & ITeS was the majorly impacted sector followed by Finance and Manufacturing. 

– Ransomware players targeted critical infrastructure organizations and disrupted critical services in order to pressurize and extract ransom payments. 

Prevalent ransomware variants: Lockbit was a majorly seen variant in the Indian context followed by Makop and DJVU/Stop ransomware. 

The RaaS (Ransomware-as-a-service) ecosystem is becoming more prominent, allowing even non-technical individuals to launch ransomware attacks.

Restoration time: Ransomware restoration & recovery time is dependent upon multiple factors like level of infection, affected applications, availability of backups & images, and Business continuity preparedness.

– On an average, the restoration time is about 10 days for infections in reasonably large infrastructure networks.

Recommendations: Organizations must level up their capabilities for monitoring and early detection of Ransomware infection. 

As prevention is better than cure, it is desirable to understand the attack surface and ensure the hardening of all internet-exposed assets and improve security posture to minimize the Ransomware attack probability.