New ransomware attacks still keeping Indian cyberspace at risk: Kaspersky

Cybersecurity firm Kaspersky warned on Wednesday that India, which experienced over 200,000 ransomware attacks in 2023, is likely to face similar cyber threats in the future.

According to Jaydeep Singh, the General Manager for South Asia at Kaspersky, research conducted by the firm indicates that India is consistently among the top 12 targeted countries and territories for Advanced Persistent Threats (APTs).

Kaspersky reported detecting over 200,000 ransomware incidents targeting businesses in India in 2023. The company noted that prominent ransomware groups like Fonix and LockBit targeted organizations globally and in India across sectors like manufacturing, retail, agriculture, media, and healthcare.

Major ransomware groups like Fonix and LockBit targeted organizations globally and in India across sectors such as manufacturing, retail, agriculture, media, and healthcare.

Fonix persists as a Ransomware-as-a-Service (RaaS) malware, despite claims of closure. LockBit, another prominent ransomware, targeted major Indian organizations by infecting Windows systems. Notably, it became the first ransomware to infect Apple systems as well.

"For three years in a row, file encryption has been the top problem faced by enterprises and organisations worldwide and in India. From the basic ransomware attacks like the Wannacry in 2017, we have reached the era of Ransomware 3.0 where we see triple extortion in the form of distributed denial-of-service (DDoS), reselling of data, and public blackmailing. "This form of attack has a wider impact on the financial and reputation aspect of Indian companies," Singh said.

Singh emphasized the growing threat of ransomware to IT and OT systems in India. Kaspersky underscores the critical importance of enhancing cybersecurity defenses by implementing threat intelligence capabilities.

Kaspersky Head of Presales for South Asia Arun Gantayat said, "In the digital landscape of India, where Industry 4.0 converges with traditional manufacturing, the heartbeat of progress lies in the fusion of Threat Intelligence and Industrial Cybersecurity," Gantayat said.

Ransomware is a type of malware that encrypts and locks a victim's files, devices, or systems, rendering them unusable until a ransom is paid to the attacker. Initially, ransomware primarily used encryption to block access to data and computers.

Ransomware attacks can disrupt operations and lead to the loss of critical data and information, posing significant financial risks.