A new report suggests that over 180 Indian companies were victims of “ransomware” online extortion schemes in the first six months of the year 2016. According to Trend Micro Incorporated, a global leader in security software and solutions, 2016 has proven to be a year of online extortion through various malicious attacks. Ransomware, also called Business Email Compromise (BEC), globally caused companies a loss of a whopping $3 billion, the report said — although no figure has been provided for losses in India. BEC schemes are scam tactics which compromise business accounts in order to facilitate an unauthorized fund transfer and is considered one of the most dangerous threats to organisations. Also Read - PUBG Mobile: Grandson uses Rs 2.3 lakh for in-game purchases
“While it’s unfortunate for us, cybercriminals are resilient and flexible when it comes to altering an attack method each time we find a patch or solution,” said Ed Cabrera, Chief Cybersecurity Officer for Trend Micro, in a statement. “It bodes well for businesses to anticipate being targeted and to prepare accordingly, implementing the latest security solutions, virtual patching and employee education to mitigate risks from all angles,” he added. In total, 79 new ransomware families were identified in the first six months of the year, which surpasses the total number of new families found in all of 2015. Also Read - Online scam: Bengaluru man loses Rs 95,000 after ordering a 'pizza' from Zomato
Both new and old variants caused a total of $209 million in monetary losses to enterprises globally. Ransomware attacks found in the first half of 2016 — like BEC scams — originated from emails 58 percent of the time. The effectiveness of BEC scams lies in the techniques employed against its preferred targets. Attackers are able to deceive victims by combining their knowledge of social engineering techniques and well-researched information about the target.
Once attackers had picked someone of authority to spoof, their next move would involve tricking their victims to permit a fund transfer to serve as payment for an invoice or perhaps a legal settlement. “An effective way to defend against BEC scams should be a mixture of proper employee education and security solutions that will help identify threats even before they reach a person’s inbox,” the report said.
An email solution that is able to flag social engineering techniques is needed to effectively block malicious email messages that are used in BEC campaigns, it added.
In the study, three out of four ransomware criminal gangs were even willing to negotiate the ransom fee, averaging a 29 percent discount from the original ransom fee, the study found. Researchers also pointed out that ransomware deadlines are not necessarily “set in stone” as all the groups involved in the study granted extensions on the deadlines.
In India, while 11,674 users were attacked by TeslaCrypt ransomware during March-May 2016, 564 users were attacked by Locky ransomware during the same period. Ransomware is a type of malware that prevents or limits users from accessing their system. Locky is a Windows ransomware infection that was released in the middle of February 2016. This ransomware infection affects all versions of Windows.
With additional inputs