Ransomware attacks have become a significant threat to individuals and organizations worldwide. Recently, the Computer Emergency Response Team of India issued an alert for a new ransomware strain named “Akira.”
The Akira Ransomware
The recently discovered Akira ransomware targets both Windows and Linux devices, stealing and encrypting data to force victims to pay double ransom for decryption and recovery. The ransomware appends the “.akira” extension to encrypted files and deletes Windows Shadow Volume copies on affected devices. It also closes processes and shuts down Windows services to avoid interference during encryption.
What is Ransomware?
Ransomware is a type of malware designed to deny users or organizations access to their own computer files by encrypting them. Cyber attackers demand a ransom payment in exchange for the decryption key, forcing victims into a difficult position where paying the ransom may seem like the easiest way to regain access to their crucial files.
The Rise of Ransomware
Ransomware has quickly emerged as the most prominent and visible form of malware. Recent attacks have severely impacted hospitals, public services, and various organizations. Attackers have even gone a step further by stealing sensitive data to provide extra incentive for victims to pay the ransom.
Protecting Against Ransomware
The Indian Computer Emergency Response Team (CERT-In) advises users to follow basic internet hygiene and protection protocols to enhance their security against ransomware. These measures include maintaining up-to-date offline backups of critical data to prevent data loss, ensuring regular updates for operating systems and networks, and implementing virtual patching for legacy systems and networks.
India’s Cyber Security Landscape
India has witnessed a significant rise in cyber security incidents, with an average of 3,835 incidents reported every day in 2022. The country ranks third among the top 20 countries victimized by cyber crimes. However, India currently lacks a dedicated cyber security law, and the Information Technology Act, 2000, remains the primary legislation for cyber security-related matters.
Laws Related to Cyber Security in India
The Information Technology Act, 2000, provides legal recognition and protection for electronic transactions. It focuses on information security, defines reasonable security practices for corporations, redefines the role of intermediaries, and recognizes the role of CERT-In. The National Cyber Security Policy (2013) aims to protect public and private infrastructure from cyber attacks and safeguard sensitive information.
Institutions Involved in Cyber Security in India
India has established several institutions to combat cyber threats and ensure cyber security:
- Indian Computer Emergency Response Team (CERT-In): Established in 2004, CERT-In operates under the Ministry of Electronics and Information Technology. It serves as the nodal agency to address cyber security threats like hacking and phishing.
- Indian Cyber Crime Coordination Centre (I4C): An initiative of the Ministry of Home Affairs, I4C is responsible for coordinating and combating cyber crimes in India effectively.
- National Cyber Crime Reporting Portal: Launched on a pilot basis in August 2019, this citizen-centric portal enables users to report cyber crimes online, facilitating action by law enforcement agencies.
