- Ransomware is a type of malicious software used by cyber criminals to infect a computer system and block access to the stored data by encrypting the files. A ransom is then demanded from the owner in exchange for the decryption key.
- According to Interpol’s first-ever Global Crime Trend report, ransomware was the second highest-ranking threat after money laundering, at 66%. It is also expected to increase the most (72%).
Agencies dealing with cyber threats in India
- The Indian Computer Emergency Response Team (CERT-In) is the national nodal agency that collects, analyses and circulates inputs on cyber-attacks; issues guidelines and advisories for preventive measures; forecasts and issues alerts; and takes measures to handle any significant cyber security event. It also imparts training to computer system managers.
- The National Cyber Security Coordinator, under the National Security Council Secretariat, coordinates with different agencies at the national level on cybersecurity issues.
- The National Critical Information Infrastructure Protection Centre has been set up for the protection of national critical information infrastructure.
- The Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) has been launched for detection of malicious software programmes and to provide free tools to remove the same.
Best Practices recommended by CERT-In
- Regularly maintain offline data backups. The backup data needs to be encrypted and immutable, and should cover the entire organisation’s data infrastructure.
- Regularly check the integrity of data and code/scripts.
- All accounts should have strong and unique passwords.
- Have an account lockout policy.
- Use multi-factor authentication for all services to the extent possible.
- Keep the administrative network separate from business processes, using physical controls and Virtual Local Area Networks.
- A host-based firewall should be installed to only allow connections to such shares via Server Message Block (SMB) from a limited set of administrator machines.
- Disable remote desktop connections.
- Use least-privileged accounts for remote desktop usage.
- Have proper Remote Desktop Protocol logging and configuration, and a spam-proof email validation system.
- Anti-virus software should be kept updated.
- Users must not open attachments or URL links (even ostensibly benign ones) in unsolicited e-mails, and should use secure web browsers.
Why in News?
- E-services at the All-India Institute of Medical Sciences (AIIMS) were crippled by what is suspected to be a ransomware attack.