India has proved to be among the top five countries suffering from ransomware attacks. Victims of this malware are forced to pay a ransom through certain online payment methods in order to access their systems and get their data back.
“Ransomware attacks are high in India and it is one of the top five countries that has the most infections,” Vitaly Kamluk, Head of APAC Global Research and Analysis Team, Kaspersky Lab, stated.
The statistics presented by Kamluk during a roundtable discussion on “Security Threat landscape” showed that India took first place in the list of countries attacked by TeslaCrypt ransomware in March-May 2016, and ranked fourth among the countries attacked by Locky ransomware during the same period.
During March-May 2016, 11,674 users in India were attacked by TeslaCrypt ransomware, and 564 users were attacked by Locky ransomware during the same period.
Locky is classified as a Windows ransomware infection that emerged in mid-February this year. The ransomware infection affects all versions of Windows.
Currently, TeslaCrypt ransomware is not active. Its master key was released by the ransomware developers and a free decryption tool is already available on the internet.
According to Kamluk, the Kaspersky Lab report states that Karnataka (36.58%) was the state most affected by ransomware, with Tamil Nadu (16.72%) taking the next spot.
Maharashtra (10.86%) is next, followed by Delhi (10.00%), West Bengal (6.70%), Uttar Pradesh (5.33%), Telangana (4.54%), Kerala (3.87%), Gujarat (2.35%) and Haryana (1.96%) in last position.
Discussing global trends, Kamluk stated that there are mainly five types of ransomware making the rounds on the internet today: encryption ransomware, master boot record (MBR) ransomware, screen lockers, ransomware that encrypts web servers, and mobile device ransomware, which mainly affects Android devices. In addition, Kamluk said that unaware internet users are the most prone to ransomware attacks.
“Popular propagation methods of the infection include infected websites, malvertising (malicious advertising), transfer of affected files via e-mail, such as documents or multimedia files, or instant message and social networks,” he explained.
Asked whether or not to pay to get the data back, Kamluk said that “an attacked user should not pay the ransom as there is no guarantee that the attacker will release a key to you”.
To stay safe and avoid data loss after being attacked by a cyber criminal, Kamluk advised users to keep backups and store them in a safe place. He added that users should use a reliable antivirus solution and update it regularly to patch any vulnerable loopholes. Kamluk also stated that governments and antivirus service companies should work together to check cyber attacks.
“CoinVault decryptor was built by Kaspersky Lab and the Netherlands’ National High Tech Crime Unit to counter such attacks,” he said, adding that the company holds thousands of decryption keys for CoinVault, Bitcryptor and CryptXXX infections.
When asked whether there will be a decline in antivirus software usage after the launch of hardware security modules such as “crypto-level security in hardware” in microprocessors, Kamluk answered, “Antivirus software is kind of a personal advisor. Unless you have a very technical friend to reverse engineer the threat, you will need this software to do that work for you. Antivirus software is going to stay because developers will be developing new software over time.”