In its recent report to a parliamentary panel, the RBI highlighted the sharp rise in the number of ransomware attacks on Indian banks. Concerningly, data taken in such attacks is then sold on the dark web. Insecure open ports, a lack of network monitoring and gaps in plugging data leaks were noted as the primary reasons such attacks recur.
While the RBI stated that such ransomware attacks do not adversely affect banks, since they have offline backups, the trend is nevertheless a cause for serious worry. As per CERT-In, ransomware attacks in India shot up by 53% in 2022. In another instance, cybersecurity firm Sophos revealed that nearly 2/3 of the 300 Indian companies it surveyed had been victims of ransomware attacks.
In the same report, the RBI also mentioned that an inter-regulatory group consisting of RBI, SEBI, IRDA, PFRDA and NHB (National Housing Bank) is working to frame common cybersecurity guidelines for all regulated entities.
What is ransomware?
Simply put, ransomware is malware that takes over your device and encrypts it in a manner that makes it impossible for you to use. Decryption is possible only if you pay the hacker the ransom he or she demands to decode it and make it usable again. In fact, such is India’s vulnerability to ransomware that it was the second most targeted country in the Asia-Pacific region in 2022, as per a Palo Alto Networks & Unit 42 Ransomware and Extortion Report.
Have you been malware-ed?
It’s not just banks and other organizations that are susceptible to such attacks. Your phone and laptop might be at an even higher risk. Here are some tell-tale signs your personal devices have been infected with such malware.
You find random outgoing calls and texts on your phone that were not made by you.
You find applications installed and running on your phone that you don’t remember installing.
You notice unusual activity on your email account. This could include password-verification and reset requests not initiated by you.
What to do?
It pays to exercise some caution when downloading an application or clicking on a link. Here are a few steps you can take before you download any new software or application on your personal gadgets:
Carefully check the permissions an application requests on download. Most ransomware apps over-request here, so as to gather the maximum information from your phone. Do not blindly grant permissions to every app that you use.
If it sounds too good to be true, it probably is too good to be true. Most ransomware apps have many fake five-star reviews on the Play Store, so that you are enticed to download them. Look at the written reviews. If they sound repetitive, chances are they have been written by a bot, and the app is most likely malware.
If you are accessing the internet on public networks, chances are that your data is being snooped on. Use a function-specific application like Gmail, instead of logging onto your mail in a browser, to protect yourself from such attacks.