Ransomware is a type of malware with which an attacker threatens to publish the victim’s data or block access to it unless a ransom is paid. Ransomware usually encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.
Ransomware is an ever-evolving form of malware, and the attacker tries to trick victims in ways they do not suspect. The victims range from government entities and critical infrastructure organizations to corporates and individuals. Ransomware attackers sometimes threaten to sell or leak the data to competitors or outsiders if the victim does not pay the ransom. The attackers not only threaten to sell the data but also threaten to publicly name and shame the victims for extortion purposes.
How Does Ransomware Happen?
Ransomware attacks are usually carried out using a Trojan, which tricks victims into downloading or opening an attachment, usually sent by the attacker by email. The unsuspecting victim, thinking it is legitimate, downloads or opens the attachment sent from a disguised known/unknown email address. Once the attachment is downloaded, the virus locks or encrypts the data stored in the network. It blocks the data, and the user cannot access it.
The Impact of Ransomware Attack
The intention of a ransomware attack is to cripple the victim’s day-to-day operations. Operational and critical files are blocked or encrypted, and victims sometimes pay the ransom demanded by the attacker to recover or decrypt the files. It should be noted, however, that paying the ransom does not always ensure that the victim recovers the files. Recovery may be a difficult process, and victims sometimes require the services of a good data recovery specialist. Ransomware attacks have been destructive and impactful in nature. Further, there is also a threat that the attacker leaks the data to a competitor or names the victims in public to shame them. This causes not only a monetary loss for the victims but also a loss of goodwill in the market.
Mitigation Steps for Security Analysts
Every organization, whether an individual, a government body or a corporate, should be prepared for a potential ransomware attack and should have proper mitigation steps in place to recover from one. Software that detects malware is worth the investment: it can detect the malware early, before it has done substantial damage, and software that blocks malware payloads from launching in the network helps to prevent infection. These measures may not be a complete solution against all attacks. A proper backup solution is the best defence against ransomware. A security analyst should keep in mind that the ransomware attacker not only encrypts the victim’s live machine but will also attempt to delete any hot backups stored in the network. Hence, it is critical to maintain an offline backup of data, stored in locations inaccessible from any infected system. These offline backup stores should not have access to the internet and should not have a live connection to the network.
Further, the security analyst should keep in mind that if the offline data storage is in the cloud or on other storage devices, access to the destination storage should be append-only, with no right to delete or overwrite the previous backups. The security analyst should remember to update software regularly to prevent such malware attacks. Further, one should maintain cyber hygiene when opening attachments from unknown senders. Critical computers should be isolated from networks. There should be proper education programs in such cyber hygiene processes.
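One way to check the append-only requirement above, as an added example that is not part of the original article: a Python audit of the permission policy given to a backup job. It assumes the cloud destination is an Amazon S3 bucket with versioning enabled (so a repeated write adds a new version instead of overwriting); the policies and the backup-writer role are constructed for illustration.

```python
import fnmatch

# Real S3 IAM action names; grouping them as "destructive" is this example's choice.
DESTRUCTIVE = [
    "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteBucket",
    "s3:PutLifecycleConfiguration",  # could expire older backup versions
    "s3:PutBucketVersioning",        # could suspend versioning, so writes overwrite
    "s3:PutBucketPolicy",            # could grant itself any of the above
    "s3:BypassGovernanceRetention",  # could remove governance-mode object locks
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    # IAM action names are case-insensitive and accept * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def audit_backup_writer(policy):
    """Return destructive actions the policy allows and never unconditionally denies.

    Simplified on purpose: Resource is ignored (one backup bucket assumed) and a
    Deny with a Condition is not trusted to apply.
    """
    allowed, denied = [], []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow":
            # Allow + NotAction grants almost everything, so treat it as "*".
            allowed += _as_list(stmt.get("Action", "*"))
        elif stmt.get("Effect") == "Deny" and "Action" in stmt and "Condition" not in stmt:
            denied += _as_list(stmt["Action"])
    return [a for a in DESTRUCTIVE if _matches(allowed, a) and not _matches(denied, a)]

# Constructed sample policies for a hypothetical backup-writer role.
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:ListBucket", "s3:DeleteObject"],
     "Resource": "*"}]}
HARDENED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:ListBucket"], "Resource": "*"},
    {"Effect": "Deny", "Action": ["s3:Delete*", "s3:PutLifecycleConfiguration",
                                  "s3:PutBucketVersioning", "s3:PutBucketPolicy",
                                  "s3:BypassGovernanceRetention"], "Resource": "*"}]}

if __name__ == "__main__":
    for name, pol in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_backup_writer(pol) or "append-only")
```

An empty result means the backup credentials can add new backups but cannot remove or replace earlier ones, so a compromised backup host cannot erase the recovery copies.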
Ransomware is an infringement of our Fundamental Rights guaranteed under Article 21 of the Constitution of India. No person shall be deprived of his life or personal liberty except according to the procedure established by law. Blocking a person’s own data is hence a breach of a Fundamental Right, and any breach of this fundamental right can be appealed in the High Court/Supreme Court of India.
Ransomware is also an act of extortion. Under section 383 of the Indian Penal Code, extortion is a crime punishable under the law. The attacker blocks the data and tries to extort money from the victim. Hence, ransomware is an act of extortion and can be tried under section 383 of the Indian Penal Code. Further, ransomware is also a crime under section 66 A of the Information Technology Act, which states that any person who sends, by means of a computer resource or a communication device, any information causing annoyance, danger, obstruction, criminal intimidation etc. will be punishable under the law.
Under the Indian Computer Emergency Response Team (CERT) Rules, it is mandatory that any breach of cyber security be reported to the CERT team. The CERT Rules require that cyber incidents be reported within a reasonable time after the event. This means that they should be reported at the earliest. The CERT desk operates 24 hours a day, seven days a week. The form can be sent by post to CERT Electronics Niketan, CGO Complex, New Delhi 110002 or by email to email@example.com. Any person who fails to furnish information as required by CERT will be liable for a fine of up to Rs. 5000/- for every day of default under section 44(b) of the IT Act. Further, if CERT calls for some information and the respective person fails or refuses to provide the required information, then the said person will be punishable with up to one year of imprisonment and/or a fine of up to Rs. 100,000/-.
An effective and successful cyber awareness training program is the need of the hour across the system. There should be a top-down approach so that awareness is built across the system. Ransomware is a criminal act and should be tried at the appropriate court. However, India Inc should be geared to stop ransomware. It should take appropriate steps through security analysts to stop ransomware. An investment in software to prevent ransomware is a worthy investment.
K Satish Kumar is a Keynote Speaker, Author, and Group Chief Legal Officer of Intellect Design Arena Ltd.
Among the many awards he has received, the most coveted are “Top 50 Legal Leaders 2019” by Legal IP Gorilla in Singapore, “GC PowerList India 2018” by London-based Legal 500, and “Legal Counsel of the Year - 2018” by INBA. He is actively involved in many pro bono activities through Chennai Lawyers.
The author can be reached at firstname.lastname@example.org. The views expressed are his own.