Around 37 incidents of ransomeware attacks were reported to the Indian Computer Emergency Response Team (CERT-In), according to Minister of State for Electronics and IT P P Chaudhary’s reply in Lok Sabha. Of these, 34 incidents were of Wannacry and Petya ransomware. The minister did not give details for each separately. The answer was in response to a question from MPs Harish Meena and Dr Thokchom Meinya. Chaudhary also did not provide details of the financial impact of these incidents when asked.
WannaCry ransomware attacks were first reported on 12th May 2017 and Petya on 27th June 2017.
Note that a total of 65 ransomware incidents have been reported to CERT-In in the past:
- 2014: nil
- 2015: 2
- 2016: 26
- 2017 (till June): 37
CERT-In is an emergency response team set up under the Ministry of Electronics and Information Technology for dealing with a range of cyber-attacks. Apart from this, the Government of India has four Sectoral Computer Emergency Response Teams to address Cyber Security Threats in Power Systems: Transmission, Thermal, Hydro and Distribution.
Do read: Cyber War stories from startups: ransomware attacks, network level breaches – #NAMAcloud
Security threats in India
In addition to this, CERT-In claimed to have received reports of more than 27,000 cyber security threat incidents in the first half of 2017 alone. These include a range of threats like phishing attacks, website intrusions and defacements or damages to data as well as ransomware attacks. As per CERT-In’s data, the number of cyber security incidents reported in the past 3 years:
- 2014: 44,679
- 2015: 49,455
- 2016: 50,362
- 2017 (till June): 27,482
From the above data, it’s notable that the number of cyber security incidents has been growing steadily in India. Authorities including the telecom regulator TRAI and the judiciary have stepped in. TRAI had raised the issue of threats posed by mobile applications that collect sensitive user data. On the other hand, India’s top court is looking at whether privacy should be a fundamental right—both offline and online–which will affect how companies handle user data in India.
Cybersecurity incidents in India
Here is a list of cyber security incidents that affected India in the past one year. (We will keep updating this list over time)
- BSNL malware attack: The state run telco’s broadband network in Karnataka circle suffered a malware attack which affected 60,000 modems with default “admin-admin” username/password combination. The malware infected modems were unable to connect to the Internet. Following this, BSNL issued an advisory notice to its broadband customers, urging them to change their default router user name and passwords.
- Mirai botnet malware: A botnet malware named Mirai took over the Internet targeting home router users and other IoT based devices. The malware affected 2.5 million IoT devices; it’s not clear how many systems were affected in India. CERT—In had also issued an advisory regarding the attack back in October 2016.
- WannaCry: Ransomware WannaCry swept the world in May. CERT-In immediately put out an advisory notice. Few instances of the ransomware were reported to have hit banks in India, and some businesses in Tamil Nadu and Gujarat as well during the first wave of the attack. Railwaire users were also most affected by the ransomware.
- Petya: India was also on the top 10 list of countries to be hit by Petya ransomware attacks, with the country faring worst among other Asia Pacific (APAC) countries, cyber security firm Symantec said in a blog postlast month. Globally, India took the 7th spot with less than 20 organisations being affected as per the Symantec’s analysis.
- Data breaches: Zomato said in May that it was affected by a data breach which led to details of 7.7 million users being stolen. The leaked information, listed for sale on a Darknet market. The company was, however, able to contact the hacker and take down the data. Reliance Jio was also affected by a data breach this month; a website called magicapk.com went up last month, allowing anyone to search for personal details of Jio customers. However, this also was taken down after the site went viral.
