Kaspersky cybersecurity solutions for businesses in India detected a total of 156,917 ransomware incidents in the first half of 2024.

Organisations in the country continue to be targeted by cybercriminals, particularly ransomware groups. Kaspersky’s data revealed that between January and June, India registered a 24 percent rise in ransomware attacks compared to the same period last year.

In 2024, the country witnessed major attacks in critical sectors such as healthcare, financial services, manufacturing and government agencies. Recent cases include the country’s largest health insurer, a major electricals and cable manufacturer, a technology service provider to cooperatives and rural banks, a local construction firm, and a broking firm.

Kaspersky experts have predicted the growing prevalence of this threat in the country in 2024 and urged organisations to bolster their cybersecurity defences and strengthen their overall security posture.

“We are witnessing a significant rise in attacks, which are the result of rapid adoption of digital technologies that is not supported by robust cybersecurity measures. The inadequacy in security protocols and outdated software systems have further compounded the vulnerabilities,” says Jaydeep Singh, General Manager for India Region at Kaspersky.

In India, major attacks in the past two years, involving extortion, data theft, and service and operation disruptions, have been perpetrated by a few ransomware groups including LockBit, Conti, Hive, BianLian, and BlackCat.

“Organisations need to start taking a more proactive stance to strengthen their cybersecurity posture by implementing stronger measures. This includes assessing their infrastructure to identify gaps, deploying proven solutions and technologies, and training their workforce,” he adds.

To protect yourself and your business from ransomware attacks, Kaspersky experts recommend the following:

1. Always keep software updated on all devices to prevent attackers from exploiting vulnerabilities and infiltrating the organisation’s network.

2. Promptly install available patches for commercial VPN solutions providing access for remote employees and acting as gateways in your network.

3. Back up data regularly and ensure the backups can be accessed quickly when needed or in an emergency.

4. Avoid downloading and installing pirated software or software from unknown/unverified sources.

5. Assess and audit your supply chain and managed services access to your environment.

6. Do not expose remote desktop/management services (such as RDP, MSSQL, etc.) to public networks unless absolutely necessary and always use strong passwords, two-factor authentication and firewall rules for them.

7. Monitor access and activity by maintaining visibility over the network to spot any unusual activity, and control user access on an as-needed, as-required basis to minimise the risk of unauthorised access and data leaks.

8. Set up a security operation centre (SOC) using an SIEM (security information and event management) tool, a unified console for monitoring and analysing information security incidents, and deploy robust cybersecurity solutions that defend against sophisticated cyberthreats.

9. Use the latest threat intelligence information to gain in-depth visibility into cyberthreats targeting your organisation and provide your InfoSec professionals with the most comprehensive and up-to-date information regarding potential malicious actors and their TTPs.

