Time to stem ransomware attacks
A ransomware attack on one of the largest oil pipelines of the US, Colonial Pipeline, last week shows the vulnerabilities of global establishments to various cyberthreats
A ransomware attack on one of the largest oil pipelines of the US, Colonial Pipeline, last week shows the vulnerabilities of global establishments to various cyberthreats. This pipeline, which carries 100 million gallons of fuel daily, accounts for 45 per cent of the fuel used on the East Coast of the US. The shutdown has caused gas shortages in areas served by Colonial with prices shooting up in some areas.
According to preliminary investigation, a hacker group called DarkSide, based in Russia is believed to be responsible for this attack. Though Colonial Pipeline has denied that it has paid a ransom of $5 million to the hacker group, some reports suggested the same. Like Colonial Pipeline, the Health Department of Ireland has been under a ransomware attack.
Similarly, a ransomware attack as early as Monday was seen on insurance major Axa's subsidiary in four Asian countries- Thailand, Malaysia, Hong Kong and Philippines. The ransomware attack is one of the most potent threats in the cybersecurity space. During this pandemic period, incidences of such attacks have only risen as most people operate from home.
According to global consultancy firm KPMG, remote working increases the risk of a successful ransomware attack significantly. This is majorly due to a combination of weaker controls on home IT system and a higher likelihood of users clicking on Covid-19 themed ransomware emails given the levels of anxiety, KPMG added.
In the Indian context, the government and enterprises should take all cyber safety measures to check such attacks. According to a report by Chennai-based Cyber Security Works (CSW), the National Highways Authority of India (NHAI), Apollo Tyres, India Bulls, and Delhi Medical Council were victims of ransomware attacks in the past year, and their data has been exposed on the dark web.
Even reports have come out on data breaches in variety of sectors including pharma, telecom, e-commerce, and public sector entities. Dr Reddy's, Big Basket, Airtel, Jawaharlal Nehru Port Trust (JNPT) and Juspay had their sensitive information exposed as per reports over the last year.
According to US cyber tech firm CrowdStrike, more than one-third (34 per cent) of Indian organisations paid between $1-$2.5 million to the hackers to get back their data and system access in the last 12 months, which is second to only Singapore (69 per cent). A global survey carried out by the tech firm found that India Inc is particularly threatened by cyberattacks emanating from China and Pakistan due to rising geopolitical tensions. Over half (51 per cent) of Indian companies said that nation-state attacks will remain the biggest worry in 2021.
Against this backdrop, organisations will be well-advised to create awareness among their employees regarding ransomware attacks. With a raging second wave sweeping across India, the likelihood of return of employees to offices remains remote in the near team. As most workers continue to operate from home, cybersecurity measures are a must to save precious personal and business data from hackers.