Nobody has forgotten the chaos that the “WannaCry” ransomware attack created around the world, owing to its lateral movement. It was immensely powerful, silently penetrating networks and gradually spreading to countries far and near. This alarmed the security community, which was very quick to take down all the infrastructure linked with WannaCry. The effort was successful to a great extent, and the security community did relieve people of this dangerous ransomware – but it was not enough.
Owing to the ransomware’s stability across networks, the latest scan performed by eScan has observed that the ransomware attacks in India have not completely perished – they still exist, albeit in dormant form. Nonetheless, that doesn’t make them less hazardous.
The Rise of GandCrab Ransomware Attacks In India
On a regular basis now, eScan’s telemetry servers have been observing and recording remnant artefacts of the WannaCry ransomware. You need not panic, however: in the last few months, the cases involving WannaCry have come down steadily. Seeing this uniform decrease, we can hope that by this year-end WannaCry will have completely retreated, meeting the same fate as the Conficker worm or the DNSChanger botnet.
On the other hand, many newer ransomware variants have been added to the family over the last few years. Most of them did not go through active development, while a very few, like GandCrab and ZZZ*, did. Over the last few weeks, GandCrab, first spotted on January 26, 2018, has taken centre stage and is growing at a very rapid rate. This implies that the ransomware developer/criminal nexus is acquiring more power and getting stronger with each passing day. Besides, a lot of cyber-criminals are now shifting their loyalties to GandCrab, for the blunt reason that its developers are showing a lot of interest in this ransomware and adding numerous weapons to its arsenal.
Share of Ransomware Attacks In India
You might wonder what the next step of evolution for ransomware is, considering its current power. It is crypto miners with info stealers along with ransomware – all combined in one.
India has had a long history with ransomware attacks, and Maharashtra led the way for the week. In other states such as Gujarat, Telangana, Uttar Pradesh and Kerala, an increase in GandCrab ransomware activity has been observed. The xtbl, Korean, Dharma and CrySiS forms of the ransomware family are still attempting to establish themselves.
How Can You Protect Yourself From Ransomware?
You need not freak out: here are a few solid prevention measures that will protect you from this hazardous ransomware.
1. All organizations and users should apply the patches released by Microsoft without delay.
2. Administrators should block all executable files from being transmitted via email.
3. Administrators should immediately isolate the affected system in the network.
4. For affected systems, the administrator can restore the encrypted files from the backup or from a system restore point (if enabled).
5. Users should install and configure eScan with all its security modules active:
   a) eScan Real-Time Monitoring
   b) eScan Proactive protection
   c) eScan Firewall IDS/IPS Intrusion prevention
6. One should never enable macros in documents.
7. A backup solution should always be maintained.
8. Most importantly, to curb the spread of suspicious attachments, all organizations should implement MailScan at the gateway level for mail servers.
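
The advice above to block executable attachments in email and to keep macros disabled can be enforced at a mail gateway. The following Python check is an added example, not eScan or MailScan code; it inspects file content as well as the file name, because an executable renamed to look like a document passes an extension-only filter. The extension lists and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed policy values for this example, not eScan or MailScan settings.
BLOCKED_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".hta", ".jar"}
MACRO_EXT = {".docm", ".xlsm", ".pptm", ".dotm", ".xlam"}
MAGIC = {b"MZ": "a Windows PE executable", b"\x7fELF": "an ELF executable"}

def check_attachment(filename, payload):
    """Return a list of reasons to quarantine this attachment (empty = allow)."""
    reasons = []
    name = (filename or "").lower().strip()
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    if ext in BLOCKED_EXT:
        reasons.append(f"blocked extension {ext}")
    if ext in MACRO_EXT:
        reasons.append(f"macro-enabled Office format {ext}")
    # Content check catches executables renamed to look harmless (invoice.pdf).
    for magic, kind in MAGIC.items():
        if payload.startswith(magic):
            reasons.append(f"content is {kind}")
    return reasons

def scan_message(raw_bytes):
    """Map each flagged attachment filename in a raw message to its findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        reasons = check_attachment(part.get_filename(), payload)
        if reasons:
            findings[part.get_filename()] = reasons
    return findings

def build_sample():
    """Constructed test message: a renamed PE stub, a macro doc, a text file."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Invoice"
    m.set_content("See attached.")
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                     subtype="pdf", filename="invoice.pdf")
    m.add_attachment(b"PK\x03\x04placeholder", maintype="application",
                     subtype="octet-stream", filename="report.docm")
    m.add_attachment("hello", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

The two-byte `MZ` test is deliberately coarse and can flag a text file that happens to begin with those letters, so findings are best routed to quarantine for review rather than silently dropped.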