Ransomware

INTRODUCTION

Ransomware is a form of malware that locks and encrypts a victim’s data, files, devices, or systems, rendering them unusable until the attacker is paid a ransom. Early ransomware versions relied on encryption alone to keep victims from accessing their data and computers. Victims with consistent backups, however, could simply restore their data, removing any need to pay a ransom. Threat actors therefore adopted cyber extortion techniques, adding further threats to coerce victims into paying. Attackers also began targeting the victims’ backups to stop organizations from recovering their data. According to Veeam’s “2023 Ransomware Trends Report,” more than 93% of ransomware attacks over the previous year exclusively targeted backup data.

Users may unknowingly browse compromised websites, and ransomware can also be delivered as part of other malware payloads. The malware can be retrieved from malicious websites via advertisements, downloaded as an attachment from a scam email, or dropped onto vulnerable computers by exploit kits. Once executed, ransomware can lock the computer screen or encrypt predefined files. In the first case, the infected system displays a full-screen image or notification that prevents the victim from using it and gives instructions on how to pay the ransom. In the second case, the ransomware blocks access to potentially important or valuable assets such as spreadsheets and documents. Because it scares or intimidates users into paying a fee or ransom, ransomware is also referred to as “scareware”.[1]
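The file-encrypting behaviour described above is what endpoint monitoring looks for: one process rewriting many documents with high-entropy content within a short time. The Python script below is an added example, not code from the original article or from any vendor it cites. It assumes a hypothetical file-system monitor that reports write events (modelled here as WriteEvent), and all sample events and file contents are constructed for the demonstration.

```python
import hashlib
import math
from collections import defaultdict
from dataclasses import dataclass

ENTROPY_THRESHOLD = 7.2   # bits per byte; encrypted or compressed data approaches 8.0
BURST_THRESHOLD = 5       # high-entropy writes by one process inside the window
WINDOW_SECONDS = 10.0


@dataclass
class WriteEvent:
    """One file-write event as a hypothetical file-system monitor would report it."""
    ts: float       # seconds since monitoring started
    pid: int        # process that performed the write
    path: str       # path written
    data: bytes     # content written (a real monitor would sample the first KiB or so)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, 8.0 at most."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def detect_mass_encryption(events):
    """Return the set of pids that produced BURST_THRESHOLD or more high-entropy
    writes within any WINDOW_SECONDS-long window.

    A single high-entropy file is normal (zip archives, JPEGs, already-encrypted
    files); a burst of them from one process is the behaviour worth alerting on.
    """
    stamps_by_pid = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        if shannon_entropy(ev.data) >= ENTROPY_THRESHOLD:
            stamps_by_pid[ev.pid].append(ev.ts)

    flagged = set()
    for pid, stamps in stamps_by_pid.items():
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > WINDOW_SECONDS:
                start += 1
            if end - start + 1 >= BURST_THRESHOLD:
                flagged.add(pid)
                break
    return flagged


def pseudo_ciphertext(seed: bytes, length: int) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted content (constructed test data)."""
    out, block = bytearray(), seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:length])


# Constructed sample: pid 4321 rewrites six documents with ciphertext in five seconds,
# pid 777 saves one JPEG-like high-entropy file, pid 999 writes ordinary text.
PLAINTEXT = b"Quarterly revenue figures, draft 3. Do not distribute outside finance.\n" * 40
SAMPLE_EVENTS = [
    WriteEvent(0.0 + i, 4321, f"C:/Users/alice/Documents/report{i}.docx.locked",
               pseudo_ciphertext(bytes([i]), 4096))
    for i in range(6)
] + [
    WriteEvent(2.5, 777, "C:/Users/alice/Pictures/holiday.jpg", pseudo_ciphertext(b"jpg", 4096)),
    WriteEvent(3.0, 999, "C:/Users/alice/Documents/notes.txt", PLAINTEXT),
]

if __name__ == "__main__":
    for pid in sorted(detect_mass_encryption(SAMPLE_EVENTS)):
        print(f"ALERT: pid {pid} is mass-rewriting files with high-entropy content")
```

Archives and images also have high entropy, which is why the rule counts bursts per process rather than alerting on a single file; in practice the entropy signal is combined with extension changes and a canary file that no legitimate user touches.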

HISTORY

According to Trend Micro’s data, the first instances of ransomware appeared in Russia between 2005 and 2006. This ransomware variant compressed specific file types and then overwrote the original files. In 2011, Trend Micro reported on an SMS ransomware threat that instructed users to call a premium-rate number to pay the ransom. Another noteworthy finding concerned a ransomware variant that corrupts the Master Boot Record (MBR) of a vulnerable device, preventing the operating system from booting. Ransomware infections were at first confined to Russia but later spread to other countries in North America and Europe. By March 2012, Trend Micro had seen a steady increase in ransomware attacks in North America and Europe. Instead of the standard ransom note, this new wave of ransomware presented a notice page, ostensibly from the victim’s local police department.

The ransomware variant known as Reveton, which poses as a law enforcement organization, is notorious for displaying a notice page that appears to come from the victim’s local police department. Reveton variants track the location of their victims so that they can display the local law enforcement agency appropriate to each user. In late 2013 a new kind of ransomware, CryptoLocker, appeared; it encrypts files in addition to locking the machine. Crypto ransomware of this kind demands money from the affected users in exchange for a decryption key that unlocks the data. Analysis reveals that the malware employs asymmetric key cryptography (RSA) in combination with AES.

The spam campaign behind the CryptoLocker infections used emails with malicious attachments from the TROJ_UPATRE malware family. At the end of 2013 a new CryptoLocker variant, known as WORM_CRILOCK.A, appeared; it can spread through removable devices and, unlike CRILOCK, does not rely on a downloader. CryptoDefense, also known as CryptorBit, is another family of file-encrypting ransomware that can encrypt database, web, office, video, picture, script, text, and other non-binary files. To prevent the encrypted files from being restored, it also deletes backup files, and it demands payment for the decryption key.[2]

“Ransomware attacks have been on the rise, with a 148% increase in 2020 and an attack happening every 14 seconds. These cyber threats have a global impact, targeting organizations and individuals across the world. The primary motive for ransomware attacks is often economic gain, leading to significant financial losses for businesses and individuals. Ransomware can disrupt technological growth, causing downtime, data loss, and financial damage.

To mitigate and prevent ransomware, organizations and individuals must prioritize cybersecurity measures, such as regular software updates, employee training, and robust backup and recovery strategies. Collaborative efforts between public and private sectors are essential. Governments and regulatory bodies are developing or enhancing regulations to combat ransomware attacks, and compliance with these regulations is becoming more critical for organizations. Backup and recovery strategies, such as regular data backups and incident response plans, are crucial for recovering from ransomware attacks without paying the ransom. Public awareness and education are also essential in the fight against ransomware.”[3]
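The two points made above, that attackers now go after backups and that backups are what let an organization recover without paying, are why a backup set should be verified against a record kept out of the attacker’s reach. The Python script below is an added example, not code from this article or from the paper quoted. It builds a SHA-256 manifest of a backup set, assumes that manifest is stored separately (offline or on write-once storage) at backup time, and later checks the backup copy against it, reporting files that were altered, renamed, or removed. The directory layout and file contents are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backup files are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the backup set at root with a manifest recorded when the backup was taken.

    The manifest must live somewhere the backup host cannot write; otherwise an
    intruder who reaches the backups can simply regenerate it.
    """
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "unexpected": sorted(set(current) - set(manifest)),
        "ok": sorted(k for k in manifest if current.get(k) == manifest[k]),
    }


def simulate_tampered_backup() -> dict:
    """Constructed scenario: take a backup, record its manifest, then alter the backup
    the way an intruder who reaches backup storage would, and verify it."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "docs").mkdir(parents=True)
        (backup / "docs" / "report.docx").write_bytes(b"Q3 report, final version\n")
        (backup / "docs" / "invoice.xlsx").write_bytes(b"invoice 1042, 1200.00 EUR\n")
        (backup / "config.yaml").write_bytes(b"retention_days: 30\n")

        # The manifest is serialised here as it would be when shipped to separate storage.
        manifest_json = json.dumps(build_manifest(backup))

        # Tampering: one file overwritten with other content, one renamed with a new extension.
        (backup / "docs" / "report.docx").write_bytes(b"\x8f\x13\xa7\x00\x52\x9e\xc4\x01" * 8)
        (backup / "docs" / "invoice.xlsx").rename(backup / "docs" / "invoice.xlsx.locked")

        return verify_backup(backup, json.loads(manifest_json))


if __name__ == "__main__":
    report = simulate_tampered_backup()
    for key in ("missing", "modified", "unexpected"):
        for name in report[key]:
            print(f"{key.upper():10} {name}")
```

Run as part of a scheduled restore test, a non-empty "missing" or "modified" list is the signal that the backup copy itself has been reached, which is exactly the case the Veeam figure above describes.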

JUDICIAL PROVISIONS

  1. Under constitutional law, incidents involving ransomware have the potential to infringe rights guaranteed by the Constitution, such as privacy and individual liberty. The fundamental rights to life and personal liberty are established in Article 21 of the Indian Constitution.[4] Ransomware attacks frequently entail unauthorized access, data breaches, encryption, extortion, emotional distress, and financial consequences, all of which infringe on these fundamental rights. Those who have been harmed may seek legal remedies to protect their constitutional rights, and authorities and law enforcement agencies actively pursue legal action against wrongdoers. Legal and regulatory frameworks are constantly being revised to better address cybercrime and preserve individuals’ constitutional rights in the digital age, reflecting the ever-shifting landscape of technology and privacy. Continuing to update legislative and regulatory structures is crucial to preserving constitutional rights in the digital era.
  2. The Information Technology Rules of 2011 were created to safeguard personal information in India. Before these rules were introduced, people in India depended on tort law to seek redress for privacy violations, and the Supreme Court of India granted only very limited constitutional protection to the right to privacy, mostly under Article 21.[5] It is important to note that ransomware is not covered under the Information Technology Act and the rules made under it.
  3. The Indian Penal Code (IPC) Sections 463, 465, and 468, which deal with forgery and “forgery to defraud,” may be relevant in situations of identity theft. The following IPC provisions are frequently used to handle offences involving fraud and identity theft:

“Section 463: Forgery.—3 [Whoever makes any false document or false electronic record or part of a document or electronic record, with intent to cause damage or injury], to the public or to any person, or to support any claim or title, or to cause any person to part with property, or to enter into any express or implied contract, or with intent to commit fraud or that fraud may be committed, commits forgery.”[6]

“Section 465. Punishment for forgery. —Whoever commits forgery shall be punished with imprisonment of either description for a term which may extend to two years, or with fine, or with both.”[7]

“Section 468. Forgery for purpose of cheating. —Whoever commits forgery, intending that the 3 [document or electronic record forged] shall be used for the purpose of cheating, shall be punished with imprisonment of either description for a term which may extend to seven years, and shall also be liable to fine.”[8]

CASE STUDIES

DHARMA
Dharma has operated under a ransomware-as-a-service (RaaS) business model since 2016. Under this model, the developers license the ransomware to other criminals, or sell them the malware outright, and those affiliates then carry out the actual attacks. Dharma affiliates do not appear to focus on any particular industry but rather cast a wide net.

CrowdStrike has determined that the original Dharma developer made the source code available in 2016 and then ceased operations. Since that threat actor left, Dharma has been adopted and sold by a number of seemingly unrelated parties. Two or more of these actors were active in 2019, and at least one was still going strong in January 2020.[9]

Kaseya
The REvil group targeted the software company Kaseya on July 2, 2021, carrying out the largest ransomware attack at the time. The attack compromised Kaseya’s IT management software, causing organizations to unknowingly download a malicious update that infected their machines with ransomware. Ransom notes informed the victims that their data had been encrypted. The note offered decryption software, which would let victims retrieve their files, for $45,000 in Bitcoin.[10]

COVID-19
In May 2021 a ransomware attack on Irish hospitals caused data leaks, appointment cancellations, and delays in COVID-19 testing. The attackers exploited a weakness in a virtual private network managed by the Health Service Executive. The Russian cybercrime group Wizard Spider demanded $19,999,000. The Irish prime minister refused to pay, and records were kept manually until the matter was resolved.[11]

Ryuk
A wire transfer phishing case from mid-2020 brought to light the risk of this type of online fraud, which involves a fictitious invoice and a stolen email account. Businesses lose billions of dollars annually to this kind of fraud. In this particular case, though, the bogus invoice led to a ransomware infection rather than a fraudulent wire transfer.

An employee of a food and beverage manufacturer opened an email with a malicious Microsoft Word attachment. This released the Emotet and TrickBot malware onto the employee’s PC. These infections opened a backdoor through which the attackers accessed the company’s systems and used them to spread the Ryuk ransomware. Even though the business declined to pay the ransom, it still suffered heavy losses: more than half of the company’s systems were inoperable for 48 hours, and the company had to call in security specialists to regain access.[12]

Hive
In April 2022 the ransomware-as-a-service (RaaS) platform Hive targeted around 1,500 companies worldwide. The attack used a pass-the-hash approach and affected users of Microsoft Exchange Server across a number of industries, including healthcare, financial services, energy, and other organisations. The attackers had already installed a backdoor web script that let them run malicious code on the Exchange server. After obtaining the NTLM hash with Mimikatz, they gained control via the pass-the-hash method. Hive carried out reconnaissance and collected data before deploying its ransomware payload. The US Department of Justice later seized the Hive backend servers and announced that the operation had been shut down. Responding to the ransomware attacks, Attorney General Garland stressed the need for cybersecurity awareness.[13]

Colonial Pipeline Company
The Colonial Pipeline Company, which operates the largest refined oil pipeline in the US, was targeted by the DarkSide ransomware group on May 6, 2021. Besides causing significant disruption at petrol stations, the ransomware gang made millions of dollars from the attack. The criminals gained entry to Colonial’s servers using a compromised password, possibly obtained from the dark web. The theft of about 100 terabytes of data affected the company’s billing processes. The attack temporarily halted oil shipments, and some parts of the southern US experienced petrol shortages and panic buying of gasoline as a result. The Biden administration declared a state of emergency. To get through the situation, Colonial Pipeline paid a $4.4 million Bitcoin ransom. The ransomware’s direct impact on petrol prices and supplies disrupted daily life.[14]

  1. Ransomware. (n.d.). https://www.trendmicro.com/vinfo/us/security/definition/Ransomware
  2. Ransomware. (n.d.). https://www.trendmicro.com/vinfo/us/security/definition/Ransomware
  3. Carrillo, M. R., & García-Teodoro, P. (2022, August 1). Ransomware: An Interdisciplinary Technical and Legal Approach. Security and Communication Networks, Hindawi Publishing Corporation. https://doi.org/10.1155/2022/2806605
  4. INDIA CONST. art. 21
  5. INDIA CONST. art. 21
  6. Indian Penal Code, 1860, § 463
  7. Indian Penal Code, 1860, § 465
  8. Indian Penal Code, 1860, § 468
  9. 16 Ransomware Examples From Recent Attacks – CrowdStrike. (2023, April 27). crowdstrike.com. https://www.crowdstrike.com/cybersecurity-101/ransomware/ransomware-examples/
  10. Tessian. (2023, October 4). 18 Examples of Ransomware Attacks.
  11. Tessian. (2023, October 4). 18 Examples of Ransomware Attacks.
  12. Tessian. (2023, October 4). 18 Examples of Ransomware Attacks.
  13. 16 Ransomware Examples From Recent Attacks – CrowdStrike. (2023, April 27). crowdstrike.com. https://www.crowdstrike.com/cybersecurity-101/ransomware/ransomware-examples/
  14. Tessian. (2023, October 4). 18 Examples of Ransomware Attacks.
