LockBit Ransomware | 25 Apr 2023

For Prelims: LockBit Ransomware, Cyber Attack, Cyber-crime, Crypto virus, Cyber Surakshit Bharat, Cyber Swachhta Kendra.

For Mains: LockBit Ransomware and Protection against it, Instances of Cyber Attacks in India, Increasing threat of cybercrime in India and its impact on national security.

Why in News?

Recently, LockBit ransomware was found to be targeting Mac devices.

  • Earlier in January 2023, the LockBit gang was reportedly behind a cyber-attack on U.K. postal services, causing international shipping to grind to a halt.
  • Ransomware is a type of malware that hijacks computer data and then demands payment (usually in bitcoins) in order to restore it.

What is LockBit Ransomware?

  • About:
    • LockBit, formerly known as “ABCD” ransomware, is a type of computer virus that enters someone's computer and encrypts important files so they can't be accessed.
      • The virus first appeared in September 2019 and is called a "crypto virus", because it asks for payment in cryptocurrency to unlock the files.
    • LockBit is usually used to attack companies or organizations that can afford to pay a lot of money to get their files back.
    • The people behind LockBit have a website on the dark web where they recruit members and release information about victims who refuse to pay.
    • LockBit has been used to target companies in many different countries, including the U.S., China, India, Ukraine, and Europe.
  • Modus Operandi:
    • It hides its harmful files by making them look like harmless image files. Its operators gain access to a company's network by tricking people, pretending to be someone trustworthy.
    • Once they're in, LockBit disables anything that could help the company recover their files and puts a lock on all the files so that they can't be opened without a special key that only the LockBit gang has.
    • Victims are then left with no choice but to contact the LockBit gang and pay up for the data, which the gang may sell on the dark web - whether the ransom is paid or not.
  • LockBit Gang:
    • The LockBit gang is a group of cybercriminals who use a ransomware-as-a-service model to make money.
    • They create custom attacks for people who pay them and then split the ransom payment with their team and affiliates.
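
The Modus Operandi point above says LockBit disguises its files as harmless images. The following is an added example, not part of the original article: a defender's check that flags files with an image extension whose leading bytes are not an image header, and names the executable format when it recognises one. The sample files and function names are constructed for illustration.

```python
import os
import tempfile
# Leading bytes ("magic numbers") of genuine image files, keyed by extension.
IMAGE_MAGIC = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"], ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
}
# Leading bytes of native executables on Windows, Linux and macOS.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE",
    b"\x7fELF": "Linux ELF",
    b"\xcf\xfa\xed\xfe": "macOS Mach-O",
    b"\xca\xfe\xba\xbe": "macOS universal binary",
}

def classify(path):
    """Return None when the header fits the extension, else a finding."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in IMAGE_MAGIC:
        return None  # only image-named files are in scope
    with open(path, "rb") as fh:
        head = fh.read(16)
    if any(head.startswith(m) for m in IMAGE_MAGIC[ext]):
        return None
    for magic, kind in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            return f"executable ({kind}) named as {ext}"
    return f"header does not match {ext}"

def scan(root):
    # Walk the tree and map relative path -> finding for every mismatch.
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            finding = classify(full)
            if finding:
                findings[os.path.relpath(full, root)] = finding
    return findings

def demo():
    """Constructed samples: a real PNG header and an ELF header named .jpg."""
    samples = {"logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
               "invoice.jpg": b"\x7fELF\x02\x01\x01" + b"\x00" * 9}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)
```

A header check only catches a file whose content type contradicts its name; it does not inspect what a genuine image file carries, so it complements rather than replaces endpoint scanning.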

Why is LockBit targeting macOS?

  • LockBit is targeting macOS to expand the scope of its attacks and potentially increase its financial gains.
    • While historically ransomware has mainly targeted Windows, Linux, and VMware ESXi servers, the gang is now testing encryptors for macOS.
  • The current encryptors were not found to be fully operational, but it is believed that the group is actively developing tools to target macOS.
  • The ultimate goal is likely to make more money from their ransomware operation by targeting a wider range of systems.

What are the Recent Instances of Cyberattacks in India?

  • India has been facing a significant increase in ransomware attacks, with approximately 82% of companies impacted in 2020.
  • Several high-profile attacks have occurred in recent years, including the WannaCry attack in 2017, a data breach at Juspay that affected 35 million customers, including those of Amazon in 2021, and more recently a ransomware attack on AIIMS Delhi in Dec 2022.
    • In 2022, Air India suffered a major cyberattack, compromising 4.5 million customer records, including passport, ticket, and credit card information.

What are the Present Government Initiatives Related to Cyber Security?

How to Protect against LockBit Ransomware?

  • Strong Passwords:
    • Account breaches often happen because of weak passwords that are easy for hackers to guess or for automated tools to crack. To protect yourself, choose strong passwords that are longer and use different types of characters.
  • Multi-Factor Authentication:
    • To prevent brute force attacks, use additional security measures like biometrics (such as fingerprint or facial recognition) or physical USB key authenticators along with your passwords when accessing your systems.
      • Brute force attacks are a type of cyber-attack where attackers try to guess a password by repeatedly trying different combinations of characters until they find the right one.
  • Reassess Account Permissions:
    • Limiting user permissions to stricter levels is important to reduce security risks. This is especially critical for IT accounts with administrative access and for resources accessed by endpoint users.
    • Ensure that web domains, collaborative platforms, web meeting services, and enterprise databases are all secured.
  • System-wide Backups:
    • To protect against permanent data loss, it's important to create offline backups of your important data.
    • Make sure to periodically create backups to ensure that you have an up-to-date copy of your systems. Consider having multiple backup points and rotating them, so you can select a clean backup in case one becomes infected with malware.
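
The backup advice above relies on being able to pick a clean restore point from a rotation. The following is an added example, not part of the original article: it walks a rotation from newest to oldest and returns the first snapshot whose files do not look encrypted, using byte entropy as the signal. The thresholds, snapshot labels and file contents are constructed assumptions.

```python
import math
import os

def entropy(data):
    """Shannon entropy in bits per byte: about 4-5 for text, near 8 for ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def looks_encrypted(files, threshold=7.5, max_fraction=0.5):
    """files maps name -> bytes. Suspect when most files are near-random.

    Caveat: compressed formats (zip, jpeg, video) are high-entropy by nature,
    so a real check should compare against the previous snapshot as well.
    """
    if not files:
        return False
    high = sum(1 for data in files.values() if entropy(data) > threshold)
    return high / len(files) > max_fraction

def newest_clean(snapshots):
    """snapshots is a list of (label, files), oldest first."""
    for label, files in reversed(snapshots):
        if not looks_encrypted(files):
            return label
    return None  # every restore point in the rotation is suspect

def constructed_rotation():
    """Three constructed daily snapshots; the last one holds random bytes
    standing in for files that were encrypted before the backup ran."""
    text = b"Quarterly report: revenue, costs and headcount by region.\n" * 200
    ledger = b"id,name,amount\n" + b"1,alpha,100\n2,beta,250\n" * 300
    return [
        ("monday", {"report.txt": text, "ledger.csv": ledger}),
        ("tuesday", {"report.txt": text + b"addendum\n", "ledger.csv": ledger}),
        ("wednesday", {"report.txt": os.urandom(8192),
                       "ledger.csv": os.urandom(8192)}),
    ]
```

The restore point chosen this way should still be scanned before it is reconnected to the network.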

UPSC Civil Services Examination Previous Year Question (PYQ)

Prelims:

Q. The terms ‘WannaCry, Petya and EternalBlue’ sometimes mentioned in the news recently are related to (2018)

(a) Exoplanets
(b) Cryptocurrency
(c) Cyber attacks
(d) Mini satellites

Ans: (c)

Q. In India, under cyber insurance for individuals, which of the following benefits are generally covered, in addition to payment for the loss of funds and other benefits? (2020)

  1. Cost of restoration of the computer system in case of malware disrupting access to one’s computer
  2. Cost of a new computer if some miscreant wilfully damages it, if proved so
  3. Cost of hiring a specialized consultant to minimize the loss in case of cyber extortion
  4. Cost of defence in the Court of Law if any third party files a suit

Select the correct answer using the code given below:

(a) 1, 2 and 4 only
(b) 1, 3 and 4 only
(c) 2 and 3 only
(d) 1, 2, 3 and 4

Ans: (b)

Q. In India, it is legally mandatory for which of the following to report on cyber security incidents? (2017)

  1. Service providers
  2. Data centres
  3. Body corporate

Select the correct answer using the code given below:

(a) 1 only
(b) 1 and 2 only
(c) 3 only
(d) 1, 2 and 3

Ans: (d)


Mains:

Q. Keeping in view of India’s internal security, analyse the impact of cross-border cyber-attacks. Also, discuss defensive measures against these sophisticated attacks. (2021)

Q. Discuss different types of cybercrimes and measures required to be taken to fight the menace. (2020)

Source: TH
