India saw 60,000 ransomware attacks in 2014
23 Apr 2015
India saw as many as 60,000 ransomware attacks on computers last year, making it the third-most attacked nation in Asia, security solutions firm Symantec said.
Ransomware attacks encrypt files in a user's computer and block user access until a certain sum of money.
The victim is asked to pay between $300-500 (Rs 18,000-30,000) to regain access to the files.
"India has evolved from law enforcement e-mails (seen largely in 2013) to crypto-ransomware which encrypts files. The number of ransomware attacks India recorded at 60,000 were the third highest in Asia last year, Symantec India director Technology Sales Tarun Kaura told PTI.
He added this translated into 170 attacks on a daily basis and seven per hour, he explained.
"About 86 per cent of ransomware attacks in India are crypto-ransomware," he said.
Globally, ransomware attacks were up a staggering 113 per cent in 2014.
Symantec's Internet Security Threat Report (ISTR) Volume 20 says digital extortion was on increasing.
He said India's growing social media population proved to be a ready base for cyber-criminals last year, which made the country the second most targeted country for social media scams.
He added more than 80 per cent of the scams were shared manually as attackers took advantage of the willingness of people to trust content shared by their friends. 
Further, cyber attackers were infiltrating networks and evading detection by hijacking the infrastructure of major corporations and using it against them in addition to exploiting vulnerabilities within a very short time, Symantec said.
According to Kaura, attackers did not need to break down the door to a company's network when the keys were readily available.
He said the attackers were tricking companies into infecting themselves by trojanizing software updates to common programmes and patiently waiting for their targets to download these - giving attackers unfettered access to the corporate network.
A research conducted by the company, revealed that it took software companies an average of 59 days to create and roll out patches -- up from only four days in 2013.
He said attackers took advantage of the delay and leapt to exploit the vulnerability within four hours. He added there were 24 'zero-day' vulnerabilities discovered in 2014, leaving an open playing field for attackers to exploit known security gaps before they were patched.
