
India Ransomware Report 2022

GS Paper 3

 Syllabus: Internal Security: Cyberspace


Source: CERT-In

 Context: The Computer Emergency Response Team of India (CERT-In) has reported that ransomware attacks are not only motivated by money but also by geopolitical conflicts.


What is Ransomware?

Ransomware is a type of malicious software (malware) designed to block access to a computer system, network, or data until a ransom is paid. Examples: WannaCry (2017), Petya/NotPetya (2017), GandCrab (2018).


Major findings of the Report:

Ransomware incidents: The number of reported ransomware attacks in India in 2022 was 53% higher than in 2021.

Target: Ransomware attacks targeted critical infrastructure organizations to disrupt services and extract ransom payments.

Sector most impacted: The IT/ITeS sector in India was the most impacted by ransomware attacks, followed by the finance and manufacturing sectors.

Most prevalent variants: Lockbit was the most prevalent ransomware variant in India, followed by Makop and DJVU/Stop, Makop and Phobos; Vice Society and BlueSky were new variants.

RaaS ecosystem: The RaaS (Ransomware-as-a-service) ecosystem is becoming more prominent, allowing even non-technical individuals to launch ransomware attacks.

Restoration time: On average, the restoration time is about 10 days for infections in reasonably large infrastructure networks.

Recommendations: Organizations should regularly update their contingency plan and build higher cyber awareness among their employees.


[Figure: How does ransomware work? (Source: CERT-In)]

Various initiatives for cybersecurity:


  • Global:
    • Budapest Convention on Cybercrime (2004, the first international treaty that seeks to address Internet and cybercrime by harmonizing national laws)—India is not a signatory.
  • India:
    • Policies: National Cyber Security Policy 2013; National Cyber Security Strategy 2020
    • Schemes: Cyber Surakshit Bharat Yojana (2018, MeitY + NeGD + Industry)—to create awareness programs on cyber security; Cyber Swachhta Kendra (free Botnet Cleaning and Malware Analysis tools)
    • Institutions: Indian Cyber Crime Coordination Centre (I4C) (est. in 2018; under Home Ministry)—to combat cybercrime in India in a comprehensive and coordinated manner; National Critical Information Infrastructure Protection Centre (NCIIPC); National Cyber Coordination Centre (NCCC) (under CERT-In)



Continuous efforts are needed to Secure (National Cyberspace), Strengthen (Structures, People, Processes, and Capabilities), and Synergise (Resources including Cooperation and Collaboration) in the field of cyberspace in India.

About CERT-In:

The Indian Computer Emergency Response Team (est. 2004; HQ: New Delhi) is an office within the Ministry of Electronics and Information Technology. It is the nodal agency to deal with cyber security threats like hacking and phishing. It strengthens the security-related defence of the Indian Internet domain.


Mains Links:

What is a ‘Ransomware’ attack? How do they compromise and complicate cybersecurity in the country? How can they be tackled?


Prelims Links:

The terms ‘WannaCry, Petya and EternalBlue’ sometimes mentioned in the news recently are related to (UPSC 2018)

(a) Exoplanets

(b) Cryptocurrency

(c) Cyber attacks

(d) Mini satellites

Ans: C


In India, it is legally mandatory for which of the following to report on cyber security incidents? (UPSC 2017)

  1. Service providers
  2. Data centres
  3. Body corporate

Select the correct answer using the code given below:

(a) 1 only

(b) 1 and 2 only

(c) 3 only

(d) 1, 2 and 3


Ans: D