Ransomware attacks jump 51% this year: CERT-In
The Hindu
Ransomware attacks jumped during the first half of this year, rising 51% from the previous year, according to a CERT-In report released on Tuesday. It identified post-COVID digitisation, hybrid work culture, modernisation of attack tool kits, and the evolution of ransomware as a service as the key reasons behind these attacks.
Hackers exploited known, unpatched vulnerabilities in public-facing networks for initial entry into the network. Among the common methods were compromised credentials for remote access services, including VPN and RDP, which threat actors used to gain entry into networks, the report noted. Cyber thieves also exploited legitimate tools like “AnyDesk” used for remote administration.
They used these to execute scripts in safe mode, evade installed security solutions and carry out further attacks. Multiple platforms, including Linux-based operating systems, virtual environments like ESXi, backup storage and cloud environments, were also targeted.
For cloud-based systems, ransomware groups chose to wipe the data rather than encrypt it after exfiltration, the report said. Major sectors affected by these attacks include data centres, IT/ITeS, manufacturing and finance, oil and gas, transport and power.
The report noted that among the prominent ransomware families observed in H1 2022, Djvu/Stop and Lockbit were the most used. While Djvu/Stop was used for citizen-centric attacks, Lockbit was mostly utilised for targeted attacks. Citizen-centric attacks refer to attacks on the personal devices of prominent individuals like CAs, lawyers, journalists and politicians, while targeted attacks refer to attacks on organisations.
Other ransomware families used for attacks included Phobos, for both citizen-centric and targeted attacks, while Hive group activity was observed in targeted attacks.
While families like Djvu/Stop have mostly been used in citizen-centric attacks, they can be used to target organisations as well. Similarly, Lockbit can be used in citizen-centric attacks.