March 22, 2019


  • Ransomware is a kind of malware (software that damages the functions or gains unauthorised access to a computer system).

  • It is used to encrypt important documents or files within a system (Crypto ransomware) or simply lock the original user out of the system (Locker ransomware).

  • The user is then asked for a ransom in return for decrypting the files. Depending on whether the ransom is paid within a stipulated period, the system is either unlocked, or its contents are deleted, or the system is entirely corrupted.

  • Unlike other cyber-attacks, in this form of attack, the user is notified of the attack.

  • Ransomware spreads easily when it encounters unpatched or outdated software.

Trends in Ransomware:

  • Initially, ransomware attacks followed a pattern akin to fire and forget, that is, they were used for small-scale extortion from individuals.

  • Now, however, the pattern has shifted to more focused and targeted attacks for larger returns, such as targeting the server of an organisation.

  • The effect is to turn entire organisations into victims rather than individual users, and the pay-off for the extra effort involved in performing this kind of an attack is often huge.


  • The first ever recorded use of ransomware occurred as early as 1989 in the form of the AIDS Trojan.

  • However, this method gained prominence only after the unleashing of the WannaCry Ransomware in 2017. This was a massive attack that affected more than 200,000 systems in some 150 countries and accounted for a loss of several million dollars.

  • Since then, the use of ransomware attacks for committing cyber-crime has seen an upward trend.

  • Many new, better and customized ransomware variants are coming to the forefront. Those in the active stage include GandCrab and ZZZ.


  • GandCrab was first spotted near the end of January 2018 and since then its attacks have been growing at a rapid pace.

  • It is generally distributed by “phishing emails” (an attachment in a malicious email gives the ransomware the required information) and “exploit kits” (security holes that hackers detect in any software installed on a system can be used to deliver ransomware to that system).

  • Following infiltration, the ransomware starts collecting information like username, PC name, OS (Operating System) and other such data.

  • The virus also creates a unique ransom ID and starts encrypting files stored on the system. As a result, the user is no longer able to access encrypted files without a key which cannot be obtained without a ransom.

Impact of GandCrab on India:

  • In the year 2018, GandCrab attackers were able to infect more than 50,000 victims and generate more than USD 600,000 in ransom payments from victims.

  • Though India had its fair share of ransomware attacks, there was an increase in the activity of GandCrab ransomware attacks particularly in the states of Gujarat, Telangana, Uttar Pradesh and Kerala.

Way ahead:

For now the only plausible option is prevention and risk management in the following ways:

  • Regularly applying the patches and updates that companies release for their software.

  • Any important data should be spread across networks with appropriate backups, thus maintaining redundancy.

  • Stronger passwords and two-factor authentication should be ensured.

  • Continuous real-time monitoring within the system and firewalls should be used to protect against any such attacks.

  • In case of an attack, the affected network must be isolated to prevent the virus from spreading.