Ransomware attacks have been front and center in the news over the past year due to various high-profile breaches that have impacted businesses across the globe. These attacks have been part of a larger global increase in ransomware crime over the past year. In fact, it is estimated that ransomware attacks cost the world $20 billion and hit 37% of all businesses and organizations in 2021 alone.
The impact of this can be clearly seen in the Asia-Pacific region where India has been one of the country’s worst affected by ransomware crime. Last year, 49% of companies in India suffered multiple ransomware attacks, while 76% have experienced at least one, according to a recent report by US security firm Crowdstrike. This makes India among the top 3 most affected countries when it comes to ransomware and demonstrates that it is critical for Indian businesses to protect themselves against cybercrime.
Mr. Nitin Bhatnagar, Associate Director India, PCI Security Standards Council, on cybercrime in India said “As an industry-leading organization for payment security in India, we are issuing this bulletin to help educate those who work in payments and security about the presence and growing risk of ransomware attacks. Organizations in India need to be aware of these threats and need to make cybersecurity a top priority as the number of cyber-attacks is on the rise.”
A ransomware attack involves cyber criminals gaining access to your network, systems and data and then rendering parts of these unusable, and/or stealing some of the data you have stored. The cyber-actor then ‘ransoms’ the data back by requiring payment to provide a decryption key to allow for the recovery of the encrypted data and systems or to guarantee sensitive data is not further exposed. Ransomware attacks are often the result of a phishing attack, when a company employee clicks on a malicious link, or the exploitation of known vulnerabilities in outdated software.
When it comes to protecting payment card data, which is often the target of a cyber-attack, adherence to the PCI DSS is considered a best practice. It consists of steps that mirror industry accepted security best practices and at a high level requires you to consider how to mitigate the impact of a cyber-attack.
Speaking on the combatting the growing threat of ransomware attacks, Lt Gen. Dr. Rajesh Pant, National Cybersecurity Coordinator, Prime Minister’s Office Government of India said, “The imminent threat of ransomware needs serious and immediate attention. We have seen a rise in the number of ransomware attacks over the last 2 years in India. Cybercrime is growing and evolving at a rapid pace which makes it crucial for us to be equipped with the right tools and information to tackle it. We are pleased to see global payment security standards body PCI SSC’s constant efforts to educate businesses and government organization on the best practices to tackle such threats.”
Learn more about the threat of ransomware attacks and the many ways to better protect against in PCI SSC’s recently issued bulletin, here. It highlights best practices businesses can take to mitigate the threat of ransomware attacks, including how the PCI DSS can be helpful in preventing an attack and improving payment data security.