Hackers are on a ransom spree. From fuel pipelines in the west to stock exchanges in the east, they are making their presence felt everywhere. Last week, one of the largest fuel supply companies, Colonial Pipeline, whose pipeline spans over 8,000 km, was shut down after a breach. The company had to pay the hackers handsomely to resume operations. Colonial Pipeline’s CEO admitted that his organisation paid the group of hackers a $4.4 million ransom because company executives were unable to assess how badly their networks had been compromised or how long it would take to restore the pipeline. This particular case came out in the open; many go unnoticed, which is why an urgent fix is required.
Ransomware is typically delivered in a file sent to a targeted user; once it has locked the victim’s data, the attackers offer to restore access in exchange for money. Ransomware attacks have increased by almost 37% during the pandemic. Moreover, the number of Common Vulnerabilities and Exposures (CVE) entries saw a phenomenal jump of over 356%, from just 57 in 2019 to 260 in the first quarter of 2021, according to the Ransomware Spotlight Report 2021.
Major cyber-attacks in India
- May 2021 – Air India disclosed a data breach affecting more than 4.5 million passengers after a sophisticated cyber-attack on SITA, the Switzerland-based company that provides its passenger service system. The attack was carried out on SITA’s servers based in the US.
- March 2021 – Ransomware attack on the Pimpri-Chinchwad Municipal Corporation’s Smart City project in Pune district, managed by Tech Mahindra.
- October 2020 – Haldiram’s, the popular food major, faced a ransomware attack in which the attackers demanded $750,000 for access.
- November 2020 – The Indian Computer Emergency Response Team (CERT-In) issued a warning against the spread of the ransomware ‘Egregor’, which is capable of stealing vital corporate data.
Several other attacks, including WannaCry, Petya, the Mirai botnet and Pegasus, have impacted private and public organisations on an immense scale. “If we go by the ‘Pegasus attack’ by the NSO Group of Israel, which was a topic of hot debate among large sections of our society, your phone can be compromised with even a missed call, which is a shocking but cruel reality,” said Pukhraj Singh, Cyber Intelligence Analyst.
“There is baseband software in our mobile phones. It acts as an interface between the hardware and software. Whatever communication we receive on our phones is converted into data by the interface. The moment this interface is compromised, you are hacked. It’s extremely challenging to avoid such hacks.”
This is why organisations are seeking state-of-the-art solutions such as machine learning and AI to thwart these attacks. Companies like Darktrace claim that their algorithms can detect such threats in real time.
What can AI do
Cyber AI from Darktrace is designed to neutralise ransomware without relying on rules or signatures. The tool aims to identify even the most sophisticated strains of ransomware and respond within seconds. It works by learning the organisation’s ‘patterns of existence’, covering people, machines and servers, and flagging ransomware as soon as activity deviates from that baseline.
Researchers Subash Poudyal and Dipankar Dasgupta from the Department of Computer Science, University of Memphis, have proposed an AI-powered ransomware detection framework. They have designed a ransomware analysis tool, AIRaD (AI-Powered Ransomware Detection), which combines reverse engineering, static and dynamic analysis, and machine learning. The tool is still under development, and the researchers plan to release it as open source.
Microsoft’s Azure Sentinel, meanwhile, uses AI to detect and respond to such threats. It collects data both on-premises and across clouds, uses analytics to detect unknown threats, and hunts for suspicious activity, drawing on Microsoft’s years of experience in the cyber-security domain.
Image Credit: Microsoft Azure
SpinOne is another tool; it combines machine-learning-based ransomware detection with backups. Its algorithms look for anomalies in file activity and spot ransomware encryption patterns. Once an attack is confirmed, they block the source of the attack and revoke the affected user account’s access to prevent any further encryption.
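The behavioural approach that Darktrace and SpinOne describe above (learn a baseline of normal activity, flag deviations, then contain the source) can be illustrated with a small detector. The following Python is an added example written for this article; it is not SpinOne’s, Darktrace’s or any vendor’s code. The event schema, the thresholds, the suffix list and every log event are constructed for the demonstration, and the entropy of a write is computed from sample bytes that stand in for what a real file-system sensor would observe.

```python
"""Toy behaviour-based ransomware detector over file-activity events (added example)."""
from collections import defaultdict
from dataclasses import dataclass
import math


@dataclass
class FileEvent:
    t: int          # seconds since start of capture (constructed)
    user: str
    process: str
    op: str         # "write" or "rename"
    path: str
    entropy: float  # bits per byte of the content written; 0.0 for renames


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the buffer; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


# Constructed list of suffixes; a real product would learn or curate these.
SUSPICIOUS_SUFFIXES = (".locked", ".enc", ".crypt")


def build_baseline(events, window=60):
    """Mean number of writes per user per window, learned from an assumed-clean period."""
    per_user = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e.op == "write":
            per_user[e.user][e.t // window] += 1
    return {u: sum(b.values()) / max(len(b), 1) for u, b in per_user.items()}


def detect(events, baseline, window=60, rate_factor=5.0, entropy_threshold=7.0):
    """Return {(user, process): reasons} for windows that look like an encryption run.

    Three independent signals are checked per (user, process, window); at least two
    must fire so that a single heavy but legitimate save does not raise an alert.
    """
    buckets = defaultdict(list)
    for e in events:
        buckets[(e.user, e.process, e.t // window)].append(e)
    alerts = {}
    for (user, proc, _), evs in buckets.items():
        writes = [e for e in evs if e.op == "write"]
        reasons = []
        expected = baseline.get(user, 1.0)
        if len(writes) >= 10 and len(writes) > rate_factor * expected:
            reasons.append(f"write burst: {len(writes)} vs baseline {expected:.1f}")
        high = [e for e in writes if e.entropy >= entropy_threshold]
        if writes and len(high) / len(writes) >= 0.8:
            reasons.append(f"{len(high)}/{len(writes)} writes have near-random content")
        renamed = [e for e in evs if e.op == "rename" and e.path.endswith(SUSPICIOUS_SUFFIXES)]
        if renamed:
            reasons.append(f"{len(renamed)} renames to {SUSPICIOUS_SUFFIXES}")
        if len(reasons) >= 2:
            alerts[(user, proc)] = reasons
    return alerts


def respond(alerts):
    """Containment actions the article describes: block the source, revoke the account."""
    actions = []
    for user, proc in sorted(alerts):
        actions.append(("block_process", proc))
        actions.append(("revoke_access", user))
    return actions


# Constructed sample content: document-like text versus a ciphertext stand-in.
TEXT_SAMPLE = b"Quarterly sales figures for the northern region, revised draft. " * 8
CIPHER_SAMPLE = bytes(range(256)) * 2   # every byte value equally likely, like ciphertext
TEXT_ENTROPY = shannon_entropy(TEXT_SAMPLE)
CIPHER_ENTROPY = shannon_entropy(CIPHER_SAMPLE)


def normal_day(user, n):
    """One document save every 30 s by an office application (constructed)."""
    return [FileEvent(30 * i, user, "word.exe", "write", f"/home/{user}/doc{i}.docx", TEXT_ENTROPY)
            for i in range(n)]


BASELINE_EVENTS = normal_day("alice", 120) + normal_day("bob", 120)

# Constructed encryption run: 40 files rewritten and renamed within one minute.
ENCRYPTION_RUN = []
for i in range(40):
    ENCRYPTION_RUN.append(FileEvent(7200 + i, "bob", "update.exe", "write",
                                    f"/home/bob/share/file{i}.xlsx", CIPHER_ENTROPY))
    ENCRYPTION_RUN.append(FileEvent(7200 + i, "bob", "update.exe", "rename",
                                    f"/home/bob/share/file{i}.xlsx.locked", 0.0))

LIVE_EVENTS = normal_day("alice", 5) + ENCRYPTION_RUN


def run_demo():
    """Learn the baseline, scan the live events, and return (alerts, containment actions)."""
    baseline = build_baseline(BASELINE_EVENTS)
    alerts = detect(LIVE_EVENTS, baseline)
    return alerts, respond(alerts)


if __name__ == "__main__":
    found, actions = run_demo()
    for key, reasons in found.items():
        print(key, reasons)
    print(actions)
```

Alice’s five ordinary saves stay below every threshold, while Bob’s burst of high-entropy writes and `.locked` renames trips all three signals, so the demo returns one alert and the two containment actions. Requiring corroborating signals is the design choice that keeps backup jobs and bulk document exports from being treated as ransomware.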
The Information Technology (IT) Act 2000 originally had 94 sections; it was last amended in 2008 and now has 124 sections. Some of the sections that affect us daily include Section 65, which deals with knowingly or intentionally tampering with computer source documents; Section 66, which deals with the hacking of computer systems; and Section 66-E, for violation of privacy. Whenever we interact with cyberspace, we are only interacting in 0s and 1s. The problem is how laws that cyberspace does not recognise can regulate it. “Code is law”: if we want to control cyberspace, we can control it only through the code.
Additionally, servers need to be installed within the country rather than data being stored and used outside it. Data localisation will make it easier for governments and cybersecurity personnel to access data in real time for monitoring and quick response. Furthermore, more emphasis is needed on the Public-Private Partnership (PPP) model, in which Indian IT industries work in tandem with the government sector, exchanging the best practices available in the cyber field. More funding for R&D in cybersecurity will hold the key to the future.