Suspected ransomware attack cripples AIIMS: What is it and how can it be prevented?
News of the AIIMS-Delhi server being down since Wednesday morning has raised suspicions that a ransomware attack is being carried out.
AIIMS said in a statement that a team from the National Informatics Centre (NIC) had indicated this could be a ransomware attack, and that the matter has been referred to the relevant law enforcement agencies.
Measures are being taken to restore the digital services and support is being sought from the Indian Computer Emergency Response Team (CERT-In) and NIC, AIIMS added.
“AIIMS and NIC will take due precaution to prevent future such attacks. As of 7.30 pm, the hospital services are running on manual mode,” it added.
As per NDTV, AIIMS-Delhi, which sees 1.5 million outpatients and 80,000 inpatients every year, has seen long queues outside every department, with the registration section being the worst affected – hundreds have been queuing since dawn.
“With the server being down, the outpatient and inpatient digital hospital services, including smart lab, billing, report generation and appointment system, among others have been affected,” an AIIMS official told PTI.
The OPD and sample collection were handled manually, but the sample collection system for those who do not have a Unique Health Identification was affected, another official said.
As each sample collected requires a barcode for tracking, the server going down has led to very few samples being collected, he added.
But what is ransomware? How does it bring systems down?
Let’s take a closer look:
What is it?
Ransomware is malicious software installed on a computer which denies access to important files. The cybercriminals then demand a ransom to restore access.
After the payment is made, the victims receive a decryption key. However, if no payment is made, the criminal can either publish the material online or block access to the files forever.
A brief history
As per Gatefy, the first ransomware attack in history occurred in 1989.
The AIDS Trojan was created by Harvard-trained biologist Joseph Popp, who sent infected floppy disks to the World Health Organisation’s international AIDS conference in Stockholm.
Popp is widely considered the father of ransomware.
The AIDS Trojan, also known as PC Cyborg, blocked file names and hid file directories – then asked users to send $189 to a mailbox in Panama.
However, it caused no major issues as its encryption was weak.
How does it work?
There are several ways cybercriminals can gain access to a computer.
As per CSO Online, phishing spam – an email pretending to be from a trusted source – is among the most common.
Once the unsuspecting victim downloads the file, the hackers can take over the computer, including gaining administrative access.
Sometimes criminals pretend to be law enforcement and claim the computer has pornography or pirated software – and demand a ‘fine’ to restore access.
They can also threaten to make ‘sensitive information’ public – a method known as doxware.
Other forms of ransomware use security loopholes to infect computers.
According to Proofpoint.com, hackers often use difficult-to-trace payment methods – iTunes gift cards and cryptocurrencies such as Bitcoin, Ethereum, Litecoin, and Ripple.
Small-time attackers can demand, on average, between Rs 8,000 and Rs 16,000, according to Kaspersky.
However, they can target multinationals for large amounts.
Prominent examples of ransomware attacks
WannaCry, Petya and GoldenEye are some notable examples, as per Kaspersky.
WannaCry was created by the NSA and leaked by the Shadow Brokers hacker group. The attack affected 230,000 computers across 150 countries in 2015 and caused financial damage of approximately $4 billion.
Petya, which occurred in 2016, encrypted entire hard disks – which made it impossible to access files.
It spread to corporate HR departments via a fake application that contained an infected Dropbox link.
GoldenEye, known as WannaCry’s ‘deadly sibling’, took out more than 2,000 targets including oil producers in Russia and several banks. The ransomware also locked the personnel of the Chernobyl nuclear power plant out of their computers – forcing them to manually check radiation levels, as per Kaspersky.
How to prevent ransomware?
As per CSO Online, there are a few simple ways of protecting yourself:
- Keeping your operating system updated
- Never installing untrusted software
- Having an anti-virus
- Backing up your files
A growing threat
Experts and law enforcement agencies say ransomware is a growing threat.
In May, SpiceJet said it faced a ransomware attack which caused delays in the departure of its flights.
“Certain SpiceJet systems faced an attempted ransomware attack last night that impacted and slowed down morning flight departures today (Wednesday),” a SpiceJet spokesperson told The Times of India.
In fact, the FBI and Europol have called ransomware ‘one of the main threats’ in the digital world, as per Gatefy.
The US agency has said 2,474 ransomware attacks occurred around the world in 2020, which resulted in losses in excess of $29 million.
In September, a report stated that around 70 per cent of organisations in India have been hit by a ransomware attack in the last three years while a whopping 81 per cent of organisations feel that they could be the target of ransomware attacks.
Nearly 66 per cent of organisations have seen their supply chain subsidiaries become victims of ransomware attacks in India.
Cybersecurity leader Trend Micro revealed in its report that organisations are increasingly at risk of ransomware compromise via their extensive supply chains.
In India, 66 per cent of organisations have a cyber insurance policy while 98 per cent regularly update security patches to externally exposed servers and VPN equipment.
Nearly 32 per cent of respondents feel motivated about tackling ransomware over the next 12 months in India, said the report.
Ransomware is now present in 25 per cent of data breaches, a 13 per cent year-on-year increase globally.
A vast majority of IT and business leaders globally (87 per cent) now view cyber compromise as a bigger threat than an economic downturn, with a fifth admitting that a serious attack in the past nearly sent their business into bankruptcy.
A year ago, a sophisticated attack on a provider of IT management software led to the compromise of scores of MSPs and thousands of downstream customers.
Yet, only 47 per cent of organisations globally share knowledge about ransomware attacks with their suppliers. Additionally, 25 per cent said they don’t share potentially useful threat information with partners.
“We found that 52 per cent of global organisations have had a supply chain organisation hit by ransomware, potentially putting their own systems at risk of compromise”, said Sharda Tickoo, Technical Director at Trend Micro, India and SAARC.
The supply chain can also be exploited by attackers to gain leverage over their targets. Among organisations that had experienced a ransomware attack in the past three years, 67 per cent said their attackers contacted customers and/or partners about the breach to force payment.
With inputs from agencies