The National Highways Authority of India (NHAI) fell prey to a ransomware attack by Maze Ransomware in the past year, on 29 June 2020. The cyber assault scooped up 43 GB of data. The attack continued on 2 July 2021 as well, when the cybercriminals exposed 2 GB of the data on the dark web, leaking sensitive documents about the staff, a passport copy of the former chairman of NHAI, details of employees' families and internal audit reports. Other organisations such as Apollo Tyres, India Bulls and Delhi Medical Council could not shield themselves from ransomware attacks either. Such cases are just the tip of the iceberg! According to the 2021 X-Force Threat Intelligence Index released by IBM Security, ransomware attacks made up roughly 40 percent of all cyberattacks in India in 2020. Amid the pandemic, India experienced a 31 percent spike in ransomware attacks, as per a report by Chennai-based Cyber Security Works (CSW), a leader in Attack Surface Management (ASM). This raises the question: why are Indian companies falling victim to ransomware attacks?
Decoding the Ransomware Attack
A ransomware attack involves malware that intrudes into systems and encrypts files on a device or network, leaving the system inoperable. The cybercriminals behind these attacks typically demand a ransom in exchange for the release of the data.
As businesses build up their tech capabilities, attackers have gone beyond just asking for a ransom. They threaten to disclose the organisation's data to the public and push it to pay more. Under this kind of threat, even victims who have a backup of the original data may end up paying huge ransoms out of fear that their sensitive enterprise data will be leaked on the internet. This technique is called double extortion.
Why are ransomware attacks on the rise?
As social distancing nudged the workforce indoors, companies continued to operate from home without a robust cybersecurity infrastructure. Hackers found it easier to intrude into systems with weak passwords, remote access left open for long hours and networks not protected by a VPN. This demands a robust IT infrastructure to protect enterprises against attackers.
How AI can drive away Ransomware attacks
AI can drive away ransomware attacks, first by removing the need for constant list updates and identifying malicious files on the spot. By collecting a huge number of good and bad files, we can extract the characteristics that distinguish a suspicious file from a good one and then produce an algorithm that accurately classifies each file for subsequent action.
In the future, AI can detect any form of malware that it has detected before. Even if there is a tweaked variant of existing malware, or an entirely new kind, the system can check it against the database, examine the code and block the attack on the basis that similar events have been judged malicious.
An AI network-monitoring tool can monitor users' activity on a daily basis, building up a picture of their typical behaviour. If there is any deviation from normal behaviour, the AI can detect the anomaly and react accordingly. It responds intelligently, understanding the relevance and consequences of a breach or change of behaviour, and develops a proportionate response in real time.
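The behavioural baseline described above can be sketched in a few lines. This is an added example, not code from the article or from any product it mentions: it scores a user's daily count of modified files against that user's own history with a modified z-score (median and MAD). The metric, the sample data, the thresholds and the response labels are assumptions chosen for illustration.

```python
from statistics import median

# Constructed sample data: files modified per day by each user
# over ten working days (the monitored metric is an assumption).
BASELINE = {
    "alice": [112, 98, 130, 105, 121, 117, 99, 126, 108, 115],
    "bob": [12, 9, 15, 11, 8, 14, 10, 13, 9, 12],
}


def robust_z(history, value):
    """Modified z-score of `value` against `history`.

    Median and MAD are used instead of mean and standard deviation so
    that a single odd day in the history does not inflate the baseline.
    """
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:
        # Perfectly flat history: any change at all is maximally unusual.
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def classify(user, value, baseline=BASELINE, warn=3.5, block=10.0):
    """Map today's count to a proportionate response (hypothetical labels).

    Only surges are scored: mass encryption shows up as far more file
    modifications than usual, never fewer.
    """
    history = baseline.get(user)
    if not history or len(history) < 5:
        return "insufficient-baseline"  # too little data to judge
    z = robust_z(history, value)
    if z >= block:
        return "isolate-host"
    if z >= warn:
        return "alert"
    return "normal"


if __name__ == "__main__":
    for user, today in [("alice", 112), ("bob", 112), ("alice", 4200)]:
        print(user, today, classify(user, today))
```

The same count of 112 modified files is an ordinary day for one user and a severe deviation for the other, which is why the baseline is kept per user rather than as one global threshold.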
What is in it for enterprises?
The emergence of sophisticated technologies and the advanced mindset of criminals have transformed the face of security. Enterprises should pay attention to developing a robust security infrastructure, implementing AI solutions and organising cybersecurity awareness programmes for their employees. It is now time for enterprises to place cybersecurity on a higher pedestal than before.