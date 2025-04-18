Express Computer

By Express Computer
Organizations in India continue to face an increase in ransomware attacks in 2024. Latest finding from Kaspersky shows that businesses here faced 665 ransomware attempts on a daily basis, on average.

Ransomware, as the name suggests, is malicious software designed to block access to a computer system or encrypt its data until a sum of money (a ransom) is paid. These attacks have been carried out on both individuals and corporations.

Overall, Kaspersky solutions used in businesses in India detected and blocked a total of 243,548 ransomware attacks between January to December last year. 

“Ransomware groups targeting organizations in India know no sector. From small banks to the most critical state infrastructure, history shows us that India is facing a relentless surge in ransomware attacks aimed at businesses, banks, and public services. Institutions and companies are now under increasing pressure to implement far stronger defenses to protect their critical data,” comments Adrian Hia, Managing Director for Asia Pacific at Kaspersky.

The most common type of ransomware in India last year is Trojan-Ransom.Win32.Wanna.m. This type of Trojan modifies data on the victim’s computer so that the victim can no longer use the data, or it prevents the computer from running correctly. 

Once the data has been “taken hostage” (blocked or encrypted), the user will receive a ransom demand. The ransom demand tells the victim to send the malicious user money; on receipt of this, the cybercriminal will send a program to the victim to restore the data or restore the computer’s performance. 

“Ransomware groups persist in refining their tactics, exploiting known vulnerabilities and leveraging advanced tools like Meterpreter and Mimikatz to gain unauthorized access. By targeting internet-facing applications, manipulating local accounts, and evading endpoint defenses, they demonstrate a sophisticated mastery of network weaknesses. The ongoing threat emphasizes the urgent need for robust cybersecurity defenses, as adversaries continue to innovate and exploit even the most familiar vulnerabilities,” adds Hia.

To mitigate the risk of ransomware attacks, individuals and organizations should prioritize cybersecurity measures.

  1. Use robust, properly-configured security solutions like Kaspersky NEXT.
  2. Implement Managed Detection and Response (MDR) to proactively seek out threats.
  3. Disable unused services and ports to minimize the attack surface.
  4. Keep all systems and software up to date with regular updates and patches.
  5. Conduct regular penetration tests and vulnerability scanning to identify and address vulnerabilities promptly.
  6. Provide comprehensive cybersecurity training to employees to raise awareness of cyberthreats and best practices for mitigation.
  7. Establish and maintain regular backups of critical data, and test backup and recovery procedures regularly.
  8. Use Threat Intelligence to keep track of the latest TTPs used by groups and adjust your detection mechanisms to catch these.
  9. Pay special attention to any “new” software being run and installed on systems within your network (including legitimate software).

Express Computer

