Ransomware attacks on AIIMS a deliberate act: How prepared is India for this battle

oi-Vicky Nanjappa

The recent ransomware attacks on AIIMS have once again raised the question as to how prepared is India for the cyber war. The experts say that there is a need to pre-meditate such attacks and remain prepared at all times.

New Delhi, Dec 09: Minister of State for IT Rajeev Chandrasekhar said on Thursday that the ransomware attacks on the servers of AIIMS Delhi were deliberate and targeted and the National Investigation Agency is probing the matter. I cannot comment as the NIA is probing it. It is pretty clear that it is a deliberate and targeted effort on AIIMS system , Chandrasekhar said on the sidelines of the CII Global Economic Policy Summit 2022.

On December 2, the minister had said that it is clearly a conspiracy and has been planned by forces that are pretty significant. It is a sophisticated ransomware attack, Chandrasekhar said.

The hand of the Chinese:

While the probe by the NIA would reveal the exact identity of the hackers, the role of Chinese hackers is not being ruled out. It is also being suspected that the dark web, the hidden internet was used to sell the stolen AIIMS data. Statistics also revealed that over 1,600 searches for stolen AIIMS data was found and this included details of VVIPS, including politicians and celebrities. It is said that Chinese hackers had specifically targeted five main AIIMS servers.

Close on the heels of the AIIMS and Safdarjung hospitals attack, a group of hackers alleged tried to hack the website of the Indian Council of Medical Research. Sources tell OneIndia that a group of hackers from Hong Kong tried to attack the servers nearly 6,000 times on November 30.

The attack by the Chinese hackers failed at ICMR because of the supreme health of the website. The hacking failed due to an updated firewall and enhanced security measures by the top medical body.

The cyber war of the world:

According to documents revealed by former National Security Agency (NSA) official Edward Snowden, the United States carried out 231 cyber-operations in 2011 alone. According to scholar Magnus Hjordal, the Chinese cyber deterrence is a strategically intelligent solution which is quite cheap, compared to a full-sale conventional military. Like China, Russia works closely with cyber criminals and offers them impunity in return for intelligence cooperation.

In 2019, hackers from North Korea were found to be stealing nuclear secrets of India. They targeted laptops held by former Bhabha Atomic Research Centre chief Anil Kakodkar and former Atomic Energy Regulatory Board head S A Bharadwaj.

How prepared is India:

India's cyber security challenge is immense. The threats the country faces today are contemporary and new and the marriage between the internet and rime and terror has led to several security challenges. This is a clear indicator that the future would involve plenty on fighting cyber crime.

India had formulated a policy in 2013, but it does not appear to be working, the experts point out. In 2017, India was ranked at the 23rd spot globally in security arrangements. India also ranks 3rd in terms of highest number of internet users after the US and China.

In an interesting article written in 2018, expert on cyber security and advocate Supreme Court, Pavan Duggal had said that an allocation of 10 per cent for cyber security into an entire IT budget is meagre. In order to become digitally empowered, there has to be a bigger budget allocation for cybersecurity and added that India needs a leapfrogging mechanism rather than a traditional one.

In April this year the maiden National Cyber exercise was held under the aegis of the National Security Council Secretariat. This was held in the wake of the recent cyberattacks on Oil India and similar related incidents. In his concluding remarks, deputy national security adviser, Rajinder Khanna said that India being in a difficult neighbourhood, the use of cyber as a weapon becomes extremely important.

The California-based cybersecurity firm Trellix said that India's critical infrastructure witnessed a 70 per cent jump in ransomware attacks in 2021. In the past couple of months, ransomware attacks on supply chains in critical infrastructure have been growing in number, scale and complexity, a report said. The report also said that India needs to build, strengthen and continuously train to predict, pre-empt, prevent respond, detect, mitigate and remediate any cyber threat.