Ransomware attacks look beyond money, target government

New Delhi: The increasing number of cyberattacks on governments shows that cybercriminals are going beyond just financial extortion. Now, experts say ransomware groups are uncovering specialized malware to disrupt public services, steal sensitive public records, and take advantage of government-linked cyber insurance.

Ransomware is a specific type of malware that, when downloaded, encrypts the files on a user's device to prevent access to them. The attackers then demand a ransom to decrypt the victim's data. Failure to pay can lead to various types of disruptions to services, both in the public and private sectors. Such attacks are commonly used to extort money from corporations.

By targeting governments, ransomware groups gain access to sensitive citizen data, details of government schemes and internal schemes, said Akshat Jain, co-founder and chief technology officer (CTO) of Indian cyber security firm Cyware.

“This data can be used for highly targeted, customized attacks against individuals belonging to vulnerable demographic groups or businesses belonging to government departments,” Jain said.

One such attack by the Conti ransomware group took place in Costa Rica earlier this month.

On May 8, Costa Rican President Rodrigo Chaves declared a state of national emergency following the breach of several government departments. A report by Bleeping Computer states that Conti has since published more than 650GB of data belonging to various government agencies in the country on the dark web.

At the same time, Conti also infiltrated Peru’s Directorate of National Intelligence to steal 9.1GB of sensitive data. Both Costa Rica and Peru refused to pay the $10 million ransom demanded by Conti. On 18 May, Chaves stated that his country was “at war” with Conti.

In a blog post on 26 May, Sergei Shykevich, manager of the intelligence group at cybersecurity firm Check Point, wrote that the factors underlying the latest attacks are Conti's attempts to provoke civil disruption in both countries, interfere with the country's political process, and try to overthrow the government.

While this was the first time ransomware was used in an attempt to overthrow a government, experts said ransomware groups have been targeting government bodies for at least two years now. Furthermore, while governments are less likely to pay the ransom, the real value, as seen in the Conti attacks, lies in the nature of the stolen data.

Sanjay Katkar, CTO of Indian cyber security services company Quick Heal, said the biggest threat of ransomware targeting governments is disruption of public services, which could threaten to force departments to pay ransom. “Cyber insurance, coupled with infrastructure that is easy to breach, combine to make government departments a prime target for ransomware,” he said.

Cyware’s Jain said that in a cyber war, ransomware groups could potentially bring down “critical public services including the power grid, financial system, communication system, government agencies, healthcare providers, educational institutions and others”.

Direct warfare is still not a regular target area for ransomware groups, but experts say their growing influence on public life cannot be ignored.

Such instances have also been seen in India, when Mumbai faced a power blackout in October 2020 due to a state-sponsored cyber attack on the connected power grid. However, there is no official confirmation that ransomware was involved.
