Disruption in Banking Operations Due to Ransomware Attack

- A ransomware attack recently disrupted the operations of 150-200 cooperative banks and Regional Rural Banks (RRBs) in India.

- The attack was detected by the National Payments Corporation of India (NPCI) and mainly affected banks serviced by C-Edge Technologies Ltd. (a joint venture between TCS and SBI).

Impact of the Ransomware Attack on Banks

- The primary victim of the attack was C-Edge Technologies Ltd., which impaired its ability to provide services to cooperative banks and RRBs.

- Due to the ransomware attack, customers couldn't access payment systems, such as Unified Payments Interface (UPI) and Aadhaar-enabled payment systems (AePS).

- A few Regional Rural Banks that relied on different technology service providers continued to function normally.

Implications for the Payment System 

- The attack exposes the vulnerability of technology service providers and highlights their crucial role in preserving the payment infrastructure.

- The event stresses the importance of robust cybersecurity measures to guard against such attacks in the future.

- Close cooperation between NPCI, banks, and technology service providers is necessary for quick rectification and mitigation of such disruptions.

Introduction to Ransomware 

- Ransomware is a type of malware that encrypts a victim’s data and demands a ransom in return for the decryption key or for regaining access.

- Early ransomware attacks involved encrypting data and demanding a ransom; current attacks also use double-extortion and triple-extortion tactics.

- Notable ransomware variants include Akira, LockBit, CryptoLocker, WannaCry, Petya, NotPetya, Ryuk, DarkSide, Locky, REvil, and Conti.

Ransomware as a Cyber Threat

- Ransomware attacks can cost organisations millions of dollars, with the average cost of a data breach reaching Rs. 19.5 crore (USD 2.35 million) in 2024, marking a 7% rise over 2023.

- Once hackers gain access to a network, they can deploy ransomware in less than four days, giving organisations little time to detect and respond.

Responding to a Ransomware Attack

- Immediate actions include isolating the infected device, identifying the entry point, prioritising which systems to restore, and restoring them from backup if available.

Infection Techniques of Ransomware

- Common techniques include phishing, exploiting vulnerabilities, credential theft, using other malware, drive-by downloads, and Ransomware as a Service (RaaS).

Indian Legislation and Protections Against Ransomware Attacks

- Ransomware attacks constitute offences under the Indian Penal Code 1860 and the Information Technology (IT) Act 2000.

- Banks and financial institutions have implemented specific cybersecurity measures, such as multi-factor authentication, encryption, and regular security audits.

- The Ransomware Task Force (RTF) plays a significant role in helping victims of ransomware attacks through investigation, recovery, and prevention efforts.