During the period of March-May 2016, India was one of the top 5 countries affected by Teslacrypt and Locky ransomware.
India is among the top five countries in the world to be attacked by ransomware malware that forces its victims to pay a ransom through certain online payment methods in order to grant access to their systems, or to get their data back, says an executive from Russia-based software security group Kaspersky Lab.
“Ransomware attacks are high in India and it is one the top five countries that has most infections,” Vitaly Kamluk, Head of APAC Global Research and Analysis Team, Kaspersky Lab, told IANS.
According to statistics presented by Kamluk during a roundtable discussion on “Security Threat landscape,” India takes the first spot in the list of countries that were attacked by Teslacrypt ransomware in March-May 2016 and ranked fourth in the countries that was attacked by Locky ransomware during the same period.
In India, while 11,674 users were attacked by TeslaCrypt ransomware during March-May 2016, 564 users were attacked by Locky ransomware during the same period. Ransomware is a type of malware that prevents or limits users from accessing their system. Locky is a Windows ransomware infection that was released in the middle of February 2016. This ransomware infection affects all versions of Windows.
TeslaCrypt ransomware is now defunct. Its master key was released by the developers and a free decryption tool is now available on the internet. While explaining the data received by Kaspersky Labs, Kamluk said Karnataka (36.58 percent) was the most affected state with ransomware with Tamil Nadu (16.72 percent) taking the next spot.
Next came Maharashtra (10.86 percent), followed by Delhi (10.00 percent), West Bengal (6.70 percent), Uttar Pradesh (5.33 percent), Telangana (4.54 percent), Kerala (3.87 percent), Gujarat (2.35 percent) and Haryana (1.96 percent) at the last spot.
While talking about the global trends, Kamluk said there are majorly five types of ransomware that are making the rounds on the internet today — encryption ransomware, master boot record (MBR) ransomware, screen locker, ransomware encrypting web servers and mobile device ransomware, which is majorly affecting Android devices. Kamluk noted that internet users who are not aware are the entities most prone to ransomware attacks.
“Popular propagation methods of the infection include infected websites, malvertising (malicious advertising), transfer of affected file via e-mail – such as documents or multimedia files or instant message and social networks,” he noted.
While answering a question about whether to pay or not to pay to get the data back, Kamluk said, “an attacked user should not pay the ransom as there is no guarantee that the attacker will release a key to you”.
To be safe or to avoid data loss after being attacked by a cyber criminal, Kemluk advised the users to have backups and keep it in a safe place. He said users should use reliable antivirus solution and update them regularly to patch any vulnerable loopholes. He said governments and antivirus service companies should work together to check the cyber attacks.
“CoinVault decryptor was built by Kaspersky Lab and the Netherlands’ National High Tech Crime Unit to counter such attacks,” he noted, adding that thousands of decryption keys are available for CoinVault, Bitcryptor and CryptXXX infections with the company.
On being asked, will there be a decline in antivirus software usage after the launch of hardware security modules such as “crypto-level security in hardware” in microprocessors, Kemluk said, “Antivirus software is kind of a personal advisor. Unless you have a very technical friend to reverse engineer the threat, you will need this software to do that work for you. Antivirus software are going to stay because developers will be developing new software over time.”
Kaspersky is now rolling out 360-degree security solutions for enterprises, Altaf Halde, Managing Director (South Asia) Kaspersky Lab, India said. “We have started offering very focussed services to the enterprises, such as solutions for data centres, light agent solution for virtualised environment that does not degrade its speed and performance and solutions for industrial security,” Halde noted.