Posted on: May 12, 2023 | 3 mins | Written by: HDFC ERGO Team

Phobos Ransomware Attack - What is it, And How Does It Work?

What is Ransomware Attack – Cyber Insurance

The world functions in cyberspace, and there is excessive dependence on technology. With the benefits come the disadvantages and the threats, and these sometimes can cause heavy losses. Cyber insurance is one of the fastest-growing insurance fields all over the world, with insurers creating more products and offering more coverage. Every year, there is a new threat, and the risks it poses are immense.

One such threat today is a ransomware attack. For those who are new to the term, it is a type of malware attack that targets the information on a system by blocking access to it. The attacker usually asks for a ransom to restore access to the information. If you look at the figures, you will realise that such attacks are very common. Let us understand these attacks in detail, how they work and, most importantly, ransomware protection.

What is ransomware?

Ransomware is a type of malware that encrypts a victim’s files and then demands that the victim pay a ransom for the key that undoes the encryption. It is usually delivered through infected email or by exploiting a vulnerability. Once it has penetrated one system, ransomware can easily spread to other devices on the network. The consequences may be catastrophic for organisations, as business processes become paralysed when key information and IT assets are unavailable.

Cyber insurance can cover the costs of a ransomware attack. These may include crisis management, negotiations with the attackers, restoration from backups, upgrading IT systems temporarily, any business losses that result from the attack and, if pressed to it, paying the ransom, although this is generally not encouraged. Cyber insurance is imperative in managing today’s ransomware risk, and having sufficient coverage is crucial.

Why are ransomware attacks emerging?

Ransomware is not a new concept and has existed for a long time. It is only in the recent past that cyber specialists have realised the threats and issues it poses, and today you will find a lot of cyber insurance claims for it. Some of the reasons for the rise in cases are:

1. Change in work patterns,

2. Higher regulatory and reputational penalties, and

3. Easier access for attackers to ransomware tools.

How does ransomware work?

Let us understand how a ransomware attack works as this will make ransomware protection easier:

1. Malware is received by email or through another channel that appears authentic,

2. The virus or the malicious files are downloaded on the system,

3. The code then encrypts the files on the system,

4. The data on the system gets blocked,

5. A ransom notice is received with the amount and a deadline, and

6. To get back the data, the amount needs to be paid.

How to protect against ransomware?

Once you have understood ransomware and the impact it can have on a business, you should know how to protect your system against it. Cyber insurance is not mandatory, but it is important given how heavily businesses are present in cyberspace today.

There are some simple steps that can be taken to prevent ransomware.

1. Have data backup

It is imperative to take a backup of the data periodically. The backup should cover the entire data infrastructure of the organisation.

2. Firewall

A host-based firewall should be enabled to limit the number of connections from administrative machines to administrative shares. This is an effective ransomware protection measure.

3. Protect the account

Strong passwords need to be used to protect all accounts. For all services, multi-factor authentication should be used.

4. Anti-virus

This is very basic, but many people tend to miss it. All systems in the organisation should have an anti-virus installed, and it should be updated periodically.

5. Disable remote desktop access

All efforts and steps need to be taken to ensure there are no remote desktop connections. While remote desktop access can sometimes be essential, limiting the accounts that are given this access is very important to keep the system safe.

6. Create awareness

The employees in an organisation should be made aware that they need to be very cautious about clicking on links and downloading files. They need to check the authenticity of the mail and should never click on any link in any unsolicited emails.
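An added example for the backup step above (it is not part of the original article): a backup only helps if the files in it are still readable, so this Python script compares two snapshots of a backup folder and flags files that disappeared or turned into high-entropy data, which is what encrypted files look like. The function names, the 7.5 bits-per-byte threshold and the sample files are assumptions made for the illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits per byte; assumed cut-off for "looks encrypted"

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text is roughly 4-5, encrypted data is close to 8."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def snapshot(root: str) -> dict:
    """Map each relative file path under root to (sha256 hex digest, entropy)."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()
            manifest[os.path.relpath(path, root)] = (
                hashlib.sha256(data).hexdigest(), shannon_entropy(data))
    return manifest

def compare(previous: dict, current: dict) -> dict:
    """Report files that vanished, changed, or changed into high-entropy content."""
    report = {"missing": [], "changed": [], "suspect": []}
    for rel, (old_hash, old_entropy) in sorted(previous.items()):
        if rel not in current:
            report["missing"].append(rel)  # deleted, or renamed with a new extension
        elif current[rel][0] != old_hash:
            report["changed"].append(rel)
            if old_entropy < ENTROPY_LIMIT <= current[rel][1]:
                report["suspect"].append(rel)  # was readable, now looks encrypted
    return report

def demo() -> dict:
    """Constructed sample: three text files; one edited, one scrambled, one removed."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("ledger.csv", "notes.txt", "plan.txt"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("invoice,amount,customer\n" * 200)
        before = snapshot(root)
        with open(os.path.join(root, "notes.txt"), "a") as fh:
            fh.write("ordinary edit\n")
        with open(os.path.join(root, "ledger.csv"), "wb") as fh:
            fh.write(os.urandom(4096))  # stands in for an encrypted file
        os.remove(os.path.join(root, "plan.txt"))
        return compare(before, snapshot(root))
```

Running `compare` on the previous and the newest backup copy before the older one is rotated out shows whether the newest copy can still be trusted; a long "suspect" or "missing" list is a reason to keep the older copy.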

How to remove ransomware?

You can take all possible measures for ransomware prevention and protection, but attacks can still happen. Some steps can be taken to attempt to remove the virus and restore data. Some of these are:

1. You can try and restore the data from the backup that is available,

2. The clean-up software being used should identify and isolate the files, and not remove the virus or the infection,

3. Ensure there is no backdoor entry created by the hackers to get access to the system,

4. Try and identify the type of ransomware and the method that was used to encrypt, and

5. After the identification is made, ransomware recovery tools can be used to decrypt the files.

Increasing trend of ransomware in India

Ransomware attacks have become common all over the world, and India is not immune to them. As per the study, there was a 36% hike in ransomware attacks in India in 2021 as compared to the previous year. More than 2 million cyber attacks were recorded in the first half of this year. The growth of digital infrastructure in India, especially during the pandemic, has led to the growth of attack surfaces.

Ransomware attacks and its implications

Ransomware attacks can have crippling effects on businesses and organisations:

1. Financial loss

Pay-outs, recovery of systems and data, and loss of operation time result in direct monetary losses. The mean ransom demand made to Indian organisations is over INR 5 crore.

2. Reputation damage

The leakage of data and disruption of services resulting from an attack negatively affect the brand image. According to a survey, 87% of Indians said they did not want to reconnect with the brand after cybersecurity exposure.

3. Legal Issues

Failure to report breaches in a timely manner contravenes data protection laws such as the General Data Protection Regulation (GDPR) and the Data Protection Bill (proposed). Penalties and legal actions could be taken by the regulatory body.

Cyber insurance as a risk management technique

Cyber insurance can provide financial, technical, and legal assistance in case of ransomware attacks:

1. Ransom amount coverage

Policies provide for direct costs such as the ransom demanded and the cost of restoring the systems. Pre-approved payments simplify negotiations.

2. Incident response support

In case of an incident, insurers offer clients a line to cybersecurity professionals for prompt incident response and the first steps towards rectification.

3. Liability Protection

This includes legal expenses associated with litigation, penalties, and compensation. For example, the legal fee was 25% of a claim in India, as per EY.

Some of the big attacks involving ransomware in India

1. JusPay Hacked (2021)

Sensitive information such as card numbers, customer bank accounts etc. were compromised. Services were closed for more than three weeks during the investigation period.

2. Dr Reddy (2022)

A cyber attack on its data centre halted operations. Potential financial repercussions are seen in Q4 figures.

The way forward

According to different forecasts, annual cyber insurance could increase over 15 times within 5 years to Rs 7500 crore. Nevertheless, insurance cannot be seen as a risk transfer mechanism in Indian organisations; rather, it can be seen as a way to reduce loss. It is, therefore, imperative to integrate cyber insurance with proper IT security policies to address the ransomware issue.

Conclusion

Ransomware affects not only businesses and companies but can also victimise individuals. Due to the lucrative nature of its operations, hackers have taken time to develop even more advanced forms that are almost impossible to counter. The only safeguard against it is preemption, which means maintaining cybersecurity protocols, backing up the system, training employees, and updating the system to remove vulnerabilities.

Disclaimer: The above information is for illustrative purpose only. For more details, please refer to policy wordings and prospectus before concluding the sales.
