The recently released limited series, IC 814: The Kandahar Hijack, sparked off a heated debate almost as soon as it was released. While it began with a certain section taking offence to the hijackers in the series “using Hindu codenames to purposely defame the religion”; actual survivors quickly came forward to state that these were the codenames used by the actual terrorists, and that the on-screen depiction was an accurate one.
The ‘outrage’, however, opened up a debate on another subject: the decision to release Masood Azhar in exchange for the hostages. Azhar would go on to plan several dastardly attacks against India, including the Pulwama attack of 2019. In 2024, India faces a similar threat, one that seems to have very little prevention and no cure - the threat of ransomware attacks. And the Kandahar analogy is not without reason: Those hit by ransomware attacks are damned if they do and damned if they don’t.
Earlier this year, Cloudflare, a US based cybersecurity and research agency, conducted a study into the cyber threat landscape for each country in the Asia Pacific region based on incidents reported from, but not limited to, June 2023 to June 2024. The results, which were released this week, identify ransomware attacks among the top threats faced by Indian organizations.
Simply speaking, a ransomware attack is a cyber-attack where your data is captured and the attackers demand a hefty amount as ransom in exchange for releasing it back to you. This is usually done by slipping malware - a software designed for malicious purposes - into your server. The malware takes all the data you have - text files, pictures, videos - and changes it to a format that is unreadable by anyone. The data can only be changed back to its original format using a decryption key, which is like a password, and the attackers won’t give you the key unless you pay the ransom. For obvious reasons, these attacks are aimed more at corporations and less at individuals. The bigger the entity, the higher the ransom amount demanded.
Cloudflare’s research found that 82 percent of Indian organisations that were hit by ransomware attacks over the last two years chose to pay the ransom demanded by the attackers. This, despite 89 per cent of these companies publicly pledging not to do so. Further, 43 per cent of these companies said that they did so due to customer pressure. The alternative to not paying up is that all the captured data is decrypted and either put up for sale or simply dumped on the internet.
When a major power service provider was targeted two years ago, and negotiations failed, the hackers put up everything - from the CEO’s salary break up to the company’s latest grid diagrams - on their blog. As a senior cyber intelligence officer puts it, marta kya na karta (what wouldn’t a dying man do)? “You need to realise,” says the officer, “that in cases of physical kidnap or hijack, you at least have the option to send in your commandos and save the hostages. With ransomware attacks, there are three or four layers between the ones doing the actual work and the ones paying for it. So, who do you even go after?”
The last decade has seen the emergence of the “service model” on the dark web, where RaaS (Ransomware as a Service) is now an accepted practice. Hacker gangs execute ransomware attacks for you, handle the negotiations and take a cut from the proceeds.
The solution? Focused and enhanced defences. Most cyberattacks rely on phishing, where malware are hidden within fraudulent emails that look like genuine business communications. One wrong click by one careless employee can lead to a ransomware attack. Organisations need to invest more in creating a culture where every employee is five time more cautious than they are today. Also, regular data back ups. In a ransomware attack, you may lose face and customers, but at least you have your data backed up. You can pick up where you left off, rebuild and live to fight another day.
As Anjali Joneja Amar, Vice President, India and SAARC at Cloudflare puts it, “In today’s landscape, cyberattacks hit every level of an organization, putting security leaders under intense pressure and scrutiny. With limited resources and increasingly complex IT environments, the challenges are growing. To stay ahead of evolving threats, leaders must constantly reassess their resources, tools, and strategies to protect their organizations effectively.”
