Here is an edited version of the interview. According to CERT-IN reports, there was a 51% increase in ransomware attacks in India during the first half of 2022. A Barracuda report also reveals that 73% of Indian organizations experienced a successful ransomware attack in 2022, and 45% of them have been affected more than once. The top four verticals targeted by ransomware attacks in India are manufacturing, energy, data center/IT/ITeS, and oil and gas. Apart from these, the healthcare industry is also becoming an increasingly attractive target for ransomware attacks due to the sensitive nature of the data held by healthcare institutions.
Email attacks are another common type of attack in India, as 82% of Indian organizations surveyed for our previous report were victims of at least one successful email attack in the past 12 months.
AI and ML were already favored by attackers. With the increased availability of large data sample sets for training machine learning models and readily available software kits, cyberattacks are now becoming more sophisticated. With the recent availability of ChatGPT, the AI-based open chatbot, cybercriminals are well equipped to take advantage of some of the capabilities of this platform. While ChatGPT has strong authentication, user responsibility, and legal safeguards, it can certainly help increase the sophistication of social engineering, phishing, ransomware, and other types of cyberattacks.
Disconnect devices and set up network segmentation: As soon as possible, disconnect infected machines, as well as external storage devices such as phones, hard drives, or backup machines, from the network. If multiple machines are infected, they should be removed from the network at the switch/router. It is recommended to physically disconnect the machines. At the same time, implementing strong network segmentation will help reduce the spread of ransomware if it does get into your system.
Assess the scope of the infection: Look for signs of encryption and ransomware by examining known file extensions, ransom notes, or a broken screen lock and password. This helps determine the scope of the infection: whether it is limited to a few connected machines, or has infected an entire network, a single geographic area, or multiple locations.
Take corrective action: Look for known ransomware decryption keys on CERT-IN or any other source and use them to decrypt your files or disk. You need to make sure that the decryption is done in an isolated environment.
Second, restore your backup with a clean install on all your infected machines. It is recommended to follow AAA (Authentication, Authorization and Accounting) best practices such as multi-factor authentication, privileged access, multi-level logging and alerting mechanisms, proper network segmentation, etc. It's also important to make sure all your servers and software are patched with the latest security patches from the vendors. This must be audited periodically.
Finally, report the incident to CERT-IN so that they are informed and can recommend actions.
Email IDs and similar-sounding websites that have spelling or grammatical errors in their domain names and URLs.
Any email or message that asks you to click hyperlinks, shortened links, or suspicious URLs.
Any email that has a false sense of urgency and a call to action that is not generally known, such as bank closings, mortgage closings, bank or government information updates, or government opinion.
Unknown sender showing a sense of urgency but using your name and certain publicly available personal information through unsolicited social media messages or honey traps.
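The first two warning signs above (misspelled sender or site domains, and shortened links) can be checked mechanically. The Python sketch below is an added example, not part of the interview; the trusted-domain list, the shortener list, and the sample message are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumed inputs for this sketch: the organisation's own trusted domains and a
# small list of well-known URL shorteners. Both lists are illustrative.
TRUSTED = {"examplebank.com", "example.gov.in"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

def edit_distance(a, b):
    """Optimal string alignment distance (insert, delete, substitute, transpose)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def check_domain(domain):
    """Return a finding string for one domain, or None if nothing stands out."""
    domain = domain.lower().rstrip(".")
    if domain in TRUSTED or any(domain.endswith("." + t) for t in TRUSTED):
        return None
    if domain in SHORTENERS:
        return f"shortened link: {domain}"
    for t in sorted(TRUSTED):
        if edit_distance(domain, t) <= 2:  # close to, but not equal to, a trusted name
            return f"lookalike of {t}: {domain}"
    return None

def triage_email(sender, body):
    """Check the sender's domain and every URL host found in the body."""
    domains = [sender.rsplit("@", 1)[-1]]
    urls = re.findall(r"https?://[^\s<>\"']+", body)
    domains += [urlparse(u).hostname or "" for u in urls]
    return [f for f in map(check_domain, domains) if f]

# Constructed sample message, not taken from a real campaign.
SAMPLE_SENDER = "alerts@exarnplebank.com"
SAMPLE_BODY = ("Your account closes today. Verify at https://bit.ly/abc123 "
               "or https://examplebank.com/login")
```

A distance threshold of 2 catches single-character swaps and the "rn" for "m" substitution in the sample, but it will also flag short, unrelated domains that happen to sit close to a trusted one, so findings are prompts for review rather than verdicts.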
Have strong passwords and better password management and change them regularly.
Use multi-factor authentication to strengthen access control.
Think before you click on a link.
Minimum access by default, with access to systems granted based on need, for a limited time, and based on roles.
Regularly update your digital devices with the latest software and patches to prevent breaches.
Back up your digital devices on a regular schedule.
Invest in good email security, antiphishing, and antivirus software for your digital devices.
Enhance employee security awareness training for the latest phishing and social engineering tactics.