Get a free 90-day scanback:   Discover threats in your organization's Office 365 mailboxes >>

The State of Ransomware Attacks across India

The IT sector in India continues to experience strong growth, powered by digital transformation initiatives across all industries. As a result, many Indian companies recognize the need to invest in digital technologies such as cloud computing and AI.

Cybercriminals who keep track of the latest trends understand that such growth often provides extra opportunities for them to find and target Indian organizations lacking sufficient cybersecurity defenses. Political disputes with regional powerhouses like China add further cybersecurity risks from nation-sponsored attacks.

Ransomware is a particularly problematic form of cyber attack in India. This article highlights some recent ransomware attacks along with providing actionable advice to businesses on preventing the worst outcomes of ransomware through hardening strategies.


Indian Ransomware Attacks


A recent survey on the global state of ransomware showed India was the country in which the highest percentage of respondents reported being impacted by this type of attack. Of the hundreds of professionals surveyed, 68 percent worked at companies that were victims of ransomware attacks. The study also found that Indian organizations are the most likely to pay hackers the ransoms, even though such payments only result in getting an average of 75 percent of stolen data returned.

Here is a roundup of some major ransomware attacks that hit Indian organizations in recent times and made media headlines.


National Highways Authority of India (NHAI): June 2020


The National Highways Authority of India (NHAI) disclosed that it suffered a ransomware attack on an email server in June 2020. The NHAI plays an important role as a government agency in managing, developing, and maintaining a network of over 50,000 km of National Highways in the country.

The original public message from the NHAI was that no data loss took place. However, subsequent reports emerged that conflicted with the official communications and said some data loss occurred. Unpatched software and lax monitoring were cited as reasons for this attack.


Indiabulls: June 2020


Indian finance conglomerate Indiabulls Group suffered a ransomware attack in June 2020. The hackers demanded payment of a ransom within 24 hours if the company wanted to avoid having confidential data exposed.

The hackers behind the attack dumped over 5 GB of data online after Indiabulls didn’t meet its demands. The data dump allegedly contained identity documents and details of financial transactions.

The Clop ransomware family is believed to have been used to carry out the attack on Indiabulls. This attack once again highlighted how financial institutions are key targets of ransomware attacks due to the sensitive and valuable data they gather.


Maharashtra Industrial Development Corporation (MIDC): April 2021


In April 2021, the MIDC’s IT infrastructure was compromised by a ransomware attack. The type of ransomware behind the attack was SynAck, which is a sophisticated technique that uses NTFS transactions to bypass security solutions. Endpoint computers, devices, and databases on the network were all affected. The attack on the MIDC shows how hackers are turning their attention to organizations that help to provide, manage, and develop commercial and critical infrastructure.


Dr. Reddy’s: October 2020


Dr. Reddy’s Laboratories is an Indian multinational pharma company based in Hyderabad. The company makes and markets a wide range of pharma products. In October 2020, Dr. Reddy’s had to take swift action to isolate some of its IT services which were targeted by a ransomware attack.

The Indian pharmaceutical industry is enormous—the country is the largest global provider of many generic medications that provide cost-effective treatment for wide-ranging conditions. Cybercriminals regard this large industry as an opportunity to make money rather than as a valuable contributor to global health, so Indian pharma companies need to be extra vigilant with their information security defenses.


Haldiram: October 2020


Haldiram is an Indian candy and snack manufacturer that was hit by a ransomware attack in October 2020. The hackers demanded a ransom equivalent to $750,000 to return stolen systems and data to Haldiram. Media reports about this attack highlighted a worrying degree of severity in which hackers first deleted the backups from the servers, stole the data, and then demanded payment. By deleting backups, the malicious intruders knew they could gain extra leverage when demanding a payout. This attack should serve as a warning for organizations to have offline tape backups that can’t be accessed or deleted by outsiders.


Ransomware Hardening Strategies


If full ransomware prevention is a difficult goal to attain, hardening your network against ransomware attacks can provide a sufficient level of defense that deters intruders from advancing through your network.


Build Zero Trust


The zero trust approach to network security recognizes that trusting users and devices in your network by default carries risks. The aim of zero trust is to eliminate trust and to always require authentication and authorization for users and devices before accessing services, data, or applications.

This strategy shifts access controls from your physical network perimeter to individual devices and users in recognition that most organizations don’t have a defined network boundary anymore due to cloud computing and work-from-home arrangements. When you implement a zero trust strategy, hackers have a much more difficult time moving laterally through your network. The zero trust model .


Make Security Awareness Continuous


Security awareness training is important for pretty much any organization that cares about improving its information security posture. This type of training recognizes that human factors are often the weak links from which successful cyber attacks begin.

Of key concern in the context of ransomware and your employees are phishing emails. Ransomware attacks often start with an employee opening an email that looks legitimate. The result of the spoofed email is the employee ultimately reveals confidential details, such as login credentials, that provide access to corporate systems.

A barrier to successful security awareness training is that many companies take a once-off approach to it. Security awareness must become an ongoing aspect of securing your information. To reduce the burden employees might feel from continuously taking dedicated courses and training modules, you can incorporate other types of awareness training, such as phishing simulation.


Use MFA Where Possible


Multi-factor authentication (MFA) requires two pieces of evidence from distinct categories before authenticating users. Part of building a zero trust network is to use MFA, however, if the zero trust strategy is not practical for your business, it’s prudent to at least use MFA for the most sensitive and vulnerable services, such as webmail, VPN, and critical business apps.


Implement Identity and Access Management


Identity and access management (IAM) can provide granular levels of control over user accounts to harden your network against ransomware. IAM ensures that users are only given the level of access needed to do their daily work so that no user accounts exist in your network with access levels they should not have. Another benefit of IAM is that it can provide visibility over risky orphaned accounts, which are user accounts that exist on your network but don’t have a valid business owner.


Closing Thoughts


As India’s booming IT sector continues to grow over the coming years, it is reasonable to expect ransomware attacks to increase both in volume and sophistication. The details of recent ransomware attacks making headlines in Indian media highlight how companies in disparate industries and areas of the country are targets. Hardening your ransomware defenses is critical if you don’t want your company to become part of the statistics.

To learn more about IRONSCALES’ award-winning anti-phishing solution, please visit us today at www.ironscales.com.