
SpiceJet's brush with ransomware is a timely reminder to protect yourself against this cyber menace

The attempted ransomware attack on SpiceJet's systems on Wednesday may have resulted in nothing more than delayed flights and frayed tempers, but the incident underscores an immediate need for individuals and organisations to be educated and prepared to counter a growing cyber threat.

SpiceJet said on Wednesday it thwarted a ransomware attack attempt, which hobbled the airline's systems and delayed multiple flights by several hours. While the fallout was, at worst, frayed passenger tempers and tangled logistics, the incident has shifted the spotlight to the menace of ransomware attacks, which gained prominence in 2017.

In fact, all available data suggests that ransomware is here to stay. So, best prepare yourselves.

A recent report by anti-malware software maker Malwarebytes recorded 280 attacks by known types of ransomware in April 2022. Of these, India accounted for five attacks or 2 percent.

As per a new report by Verizon, there was a 13 percent increase in ransomware attacks globally, including in India, in 2021.

The "2022 Data Breach Investigations Report (DBIR)" said last year accounted for more ransomware attacks than the previous four years combined. For the purpose of the report, Verizon studied 5,212 breaches and 23,896 cybersecurity incidents reported by 87 organisations.

What is ransomware?

As the name suggests, a ransomware attack is an attempt by hackers to hold a system hostage. The attacker will deny the target — typically a large organisation — access to the system until they pay a ransom. This is achieved by either gaining unauthorised access to a system remotely or tricking the target into downloading a legitimate-looking file or clicking on a link sent by email, which then encrypts the user's files and locks them.

More sophisticated ransomware attacks — like WannaCry — can transmit between computers without user intervention.

According to the report, there are four critical paths a hacker could take to hold a company to ransom — duplicating credentials, phishing, exploiting vulnerabilities, and deploying botnets. Duplicating credentials was the most widely used method to execute a ransomware attack in 2021, with an over 40 percent share.

System intrusion attacks in 2021

A system intrusion attack — of which ransomware is a subset — comprises techniques that leverage a combination of social engineering, malware deployment, and hacking.

System intrusion attacks increased dramatically in 2021. North America accounted for the highest number of such attacks in 2021, with more than 900. The previous year, this region accounted for close to 500 breaches. The Asia Pacific region, including India, reported 30 breaches in 2020 and 54 in 2021.

Verizon found that the culprit was an external actor in 98 percent of the cases, with financial gain being the motive in 93 percent of the cases. Industrial espionage, at 6 percent, was also a factor. Credentials were stolen in 42 percent of the cases, while personal data was stolen in 37 percent of the attacks.

Prominent ransomware attacks

Ransomware attackers are very tricky to track down as most of them demand ransom in modes of payment that are untraceable, such as cryptocurrency. The WannaCry attack, which lasted four days from May 12-15, 2017, affected more than 2 lakh computers across 150 countries, resulting in losses of billions of dollars in business.

India was the third worst-affected nation, with cybersecurity firm Quick Heal Technologies stating that WannaCry targeted around 48,000 computers in the attack, with most incidents in West Bengal.

In August 2018, a variant of WannaCry infected 10,000 computers operated by semiconductor giant TSMC, forcing the company to temporarily shut several of its chip-fabrication factories.

North Korea was accused of initiating the WannaCry attacks, with the US Department of Justice formally charging a hacker named Park Jin-hyok in 2019.

How to block a ransomware attack

Unlike other forms of cyberattacks, ransomware is relatively straightforward. The perpetrator is typically only interested in monetisation — holding the organisation hostage — and may not necessarily be interested in stealing information. They only need to encrypt the data and make it inaccessible to the targeted individual or organisation.

The Verizon report suggests that vigilance should be enough to counter the threat in most cases — 40 percent of ransomware incidents involved desktop sharing software, and 35 percent involved email attachments/links.

"If attackers have credentialed remote access, they can leverage that directly. Otherwise they must make their own remote access by emailing either malicious links or attachments," the report states.

"Locking down your external-facing infrastructure, especially RDP (remote desktops) and emails, can go a long way toward protecting your organisation against ransomware," the report adds.

Malwarebytes issued an advisory on the best ways to mitigate ransomware attacks, such as:

  • making regular, offline and password-protected backups of data
  • network segmentation, such that machines on a single network are not accessible from every other machine
  • regularly updating antivirus, operating systems and other software
  • multi-factor authentication while logging in
  • adding an email banner to emails received from outside the organisation

Risk Recon, a third-party cyber risk management company set up by Mastercard, said the best protection is to create awareness, whether at an individual level or an organisational level.

"About 42 percent of ransomware attacks start with phishing. Ensure that (companies) are educating their personnel regarding the risk of phishing attacks and how to avoid becoming a victim," Risk Recon said in a report titled "Managing the Risk of Ransomware in the Supply Chain", prepared after studying 633 cases of disclosed ransomware attacks from 2017 to 2021.