India news agency Press Trust of India (PTI) faced cyberattack over the weekend, crippling its service for hours on Saturday night.
The computer servers suffered a massive ransomware attack, disrupting operations and the delivery of news to hundreds of subscribers across India for several hours. Engineers have restored the news service by Sunday morning after an all-night effort.
PTI did not pay any ransom, according to media reports. PTI has identified the ransomware as LockBit that encrypted data and applications, crippling the news delivery to subscribers that include several media organizations.
LockBit functions as ransomware-as-a-service (RaaS). LockBit ransomware is a malicious software designed to block user access to computer systems in exchange for a ransom payment, according to Russia-based cyber security firm Kaspersky.
LockBit will automatically vet for valuable targets, spread the infection, and encrypt all accessible computer systems on a network.
This ransomware is used for highly targeted attacks against enterprises and other organisations. LockBit is a new ransomware attack in a long line of extortion cyberattacks.
Formerly known as ABCD ransomware, it has since grown into a unique threat within the scope of new extortion tools.
Attacks using LockBit originally began in September 2019, when it was dubbed the .abcd virus.
The moniker was in reference to the file extension name used when encrypting a victim’s files.
Notable past targets of LockBit ransomware attacks include organisations in the United States, China, India, Indonesia, Ukraine. Various countries throughout Europe such as France, the UK, Germany have also seen cyberattacks, according to cybersecurity solution supplier Kaspersky.
Sophos, a leader in cybersecurity, said LockBit is designed to increase pressure on the victim to pay the ransom.
“An effective backup system that enables organizations to restore encrypted data without paying the attackers is business critical, but there are other important elements to consider if a company is to be truly resilient to ransomware,” Chester Wisniewski, principal research scientist, Sophos.
The State of Ransomware 2020 report from Sophos indicates that more than 80 percent of Indian organizations had experienced a significant ransomware attack in the previous 12 months, compared to 67 percent in 2017.
Data was encrypted in 91 percent of attacks that successfully breached an organization in India. The average cost of addressing the impact of such an attack in India, including business downtime, lost orders, operational costs, and more, was Rs 80,270,000. Two out of three organizations hit by ransomware in India admitted paying the ransom.
A McAfee blog has recently explained how Northwave faced the LockBit ransomware attack. The blog described the different stages of the cyberattack and recovery, including an analysis of the ransomware and the attackers behind it.