India among top countries affected by ransomware in APJ region: Akamai

Conti, one of the most notorious ransomware, as well as other members of the ransomware family have dramatically increased in the Asia-Pacific and Japan (APJ) region over the past one year. A new report by American cybersecurity firm, Akamai, ranked APJ as the third-highest region globally to be hit by Conti ransomware, after North American and EMEA regions. It also said that this year, organisations across all industries are 80% more likely to be a target in APJ than in other regions globally.

The report showed that Australia (45%), India (13.6%), Indonesia (9.1%), New Zealand (9.1%), and China (4.6%) are reportedly seeing the brunt of attacks in the APJ region, with attacks on critical infrastructure accounting for 13.6% of overall victims in APJ in the last 12 months.

Conti is one of the most damaging ransomware-as-a-service (RaaS), which is a subscription-based model that enables affiliates to use already-developed ransomware tools to execute ransomware attacks. Conti was first observed in 2020 and supposedly led by a Russia-based cybercrime group that goes under the Wizard Spider pseudonym.

The report further said, the Conti gang that usually runs ‘double extortion’ attacks, stealing data and encrypting and then ask the victim to pay a ransom to retrieve the data, responsible for many high-scale, international attacks, including attacks on government websites and businesses across the globe, has hit the IT services sector the most in APJ, followed by retail and hospitality in the last six months.

In January 2022, Delta Electronics, a Taiwanese contractor for a high-end automobile manufacturer that supplies Apple, Tesla, HP, and Dell, etc. that suffered a Conti attack. The numbers of attacks have gone up since then, said the report, stating that this is not surprising since the commerce industry contains troves of confidential information, such as personal identifiable information (PII) and credit card numbers, making it a lucrative target. 

Not just Akamai research that highlighted the rising ransomware cases in Asia-Pacific, another research conducted in May 2022 by cloud security firm ExtraHop also showed that 83% of organisations in the region were breached by ransomware at least once in the past five years, but only 32% publicly disclosed that an incident occurred. “Lax security practices and continued reliance on legacy technology suggest the increased rise of ransomware in the region," said Jeff Costlow, CISO, ExtraHop. 

In India itself, a recent report by the Indian Computer Emergency Response Team (CERT-In) said that it has observed a 51% increase in ransomware incidents in the country in the first half of the business year (H1) in 2022, with the IT sector the most affected when it comes to these attacks, followed by manufacturing and finance.
Apart from Conti, the agency attributed the rise in attacks in India to Djvu, a ‘high-risk’ virus that majorly targets citizens, Phobos, a ransomware which strikes smaller companies and individuals that have less capacity to pay relative to larger businesses, and also attributed the increase to Hive, a year-old ransomware which has grown into one of the most prevalent ransomware payloads in the RaaS ecosystem.

The Akamai report further said, when organisations get hit by such ransomware, the implications are not just financial losses, but they also potentially deal with downtime resulting in loss of productivity, brand and reputation damages, remediation and recovery costs, and legal fees, among other problems.