The Tamil Nadu Public Department has suffered a ransomware attack that has encrypted certain sensitive documents of the department, including files related to VIP visits, their programs, and related arrangements made by State Protocol Officials, The Hindu reported.
Following the encryption, officials from the Centre for Development of Advanced Computing (C-DAC) and the Computer Emergency Response Team are trying to decrypt the files. The State Government’s Electronics Corporation of Tamil Nadu (ELCOT) collaborates with C-DAC on e-governance and cyber security management issues.
Cybercriminals have demanded payment of $1,950 in cryptocurrency as ransom for delivering the decryption code.
Neeraj Mittal, Tamil Nadu’s Secretary of Information Technology, told IANS, “It is true. Some computers suffered the ransomware attack.” He added that the government was “trying to get back the access.”
What is ransomware?
Ransomware is malware that encrypts the files on the computer it infects. Once the files are encrypted, users cannot access them without a password. The encryption that hackers use is so strong that neither users nor experts can crack it.
Hackers usually demand money in the form of cryptocurrency in exchange for the decryption key. However, hackers have also started threatening victims that they will share the files online if they don’t pay.
How did it happen?
Of the 12 desktop computers that the department was using, 8 were running the outdated Windows 7. Citing an unnamed official, The Hindu said the ransomware is click-based. The official said:
“We need an effective IT security policy and First Responders in computer forensics to handle such situations. Use of outdated operating systems with no software updates and anti-virus protection remains a threat. The ransomware is click-based and could have landed in the form of a WhatsApp message (opened on a desktop computer), email, pop-up etc.”
The official said that the department will soon lodge a formal complaint with the police.
The Ransomware Pandemic
The Secretary General of Interpol has said that, much like the COVID-19 pandemic, ransomware is mutating into different variants and criminals are reaping huge profits. In the past few months, the USA has witnessed multiple cyberattacks, including the Colonial Pipeline hack, a REvil ransomware attack on a United States nuclear weapons contractor, and the JBS hack, among others.
Chainalysis reported that criminals made $350 million in 2020 from ransomware payments, an increase of 311% in one year. Palo Alto Networks reported an increase in ransomware payments of nearly 171%.
In May 2021, the DarkSide ransomware gang reportedly made $90 million in merely 9 months of operation. According to a report by Check Point Research, India is the most ransomware-affected nation in 2021. 74% of Indian companies were hit by ransomware attacks in 2020. Organizations on average face 213 attacks every week, against 51 in the Asia Pacific Region, 29 in North America, and 14 in Europe and Latin America. Africa faces only 4 attacks per week.
You can use the steps listed in this article to avoid a ransomware infection.