NEW DELHI:
A growing number of cyberattacks on governments shows cybercriminals are looking beyond just financial extortion. Now, experts say ransomware groups are unleashing specialized malware to disrupt public services, steal sensitive public records, and leverage government-linked cyber insurance.
Ransomware is a specific type of malware that, when downloaded, encrypts a user’s device to prevent access to its files. The malware then demands a ransom to decrypt a company’s data. Failure to pay may lead to various types of service disruption in both the public and private sectors. Such attacks have typically been used to extort money from corporations.
Akshat Jain, co-founder and chief technology officer (CTO) of Indian cyber security firm Cyware, said that by targeting governments, ransomware groups get access to sensitive civic data, details of government schemes, and internal plans.
“This data can be used for highly targeted, customized attacks against individuals belonging to vulnerable demographic groups, or businesses that deal with government departments,” Jain said.
One such attack by the Conti ransomware group happened earlier this month in Costa Rica.
On May 8, Costa Rican President Rodrigo Chaves declared a state of national emergency after multiple government departments were breached. A report by Bleeping Computer said Conti has since published on the dark web more than 650GB of data belonging to various government agencies of the country.
At the same time, Conti also infiltrated Peru’s National Directorate of Intelligence to steal 9.1GB of sensitive data. Both Costa Rica and Peru refused to pay the $10 million ransom demanded by Conti. On 18 May, Chaves said his country was “at war” with Conti.
In a blog post on 26 May, Sergey Shykevich, threat intelligence group manager at cyber security firm Check Point, wrote that the underlying factor in the latest attacks is Conti’s efforts to incite civil disruption in the two nations and to interfere in a nation’s political process to try to overthrow a government.
While using ransomware to attempt to overthrow a government was a first, experts said that government bodies have been growing targets of ransomware groups for at least two years now. Moreover, while governments are less likely to pay ransom, the real value, as seen in the Conti attacks, lies in the nature of the stolen data.
Sanjay Katkar, CTO of Indian cyber security services company Quick Heal, said the biggest threat of ransomware targeting governments lies in the disruption of public services, which could leave departments at risk of being compelled to pay the ransom. “Cyber insurance, coupled with infrastructure that is often easier to breach, combine to make government departments a prime target for ransomware,” he said.
Cyware’s Jain added that in a cyberwar, ransomware groups can potentially bring down critical public services including “power grid, financial system, communication systems, government agencies, healthcare providers, educational institutions and others”.
Direct warfare is still not a regular target area for ransomware groups, but experts state that their increasing impact on public life cannot be ignored.
Such instances have been seen in India as well, when Mumbai faced a power blackout in October 2020 because of a state-sponsored cyberattack on connected power grids. There was, however, no official confirmation of ransomware.