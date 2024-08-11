The emergence of Ransomware-as-a-Service (RaaS) gangs has become a force multiplier. In this year alone, more than 25 known cases of major ransomware attacks have been reported in which ransoms totalling billions were demanded, and many victims negotiated and paid to avoid business and reputational loss. The transnational nature of these crimes and the casual cooperation among law-enforcement agencies add to the complexity of catching the gangs. Further, ransomware is used in espionage operations to obscure the operators' tracks, make attribution harder, and create a powerful distraction for security agencies and network defenders. The scale and sophistication of ransomware attacks have grown dramatically in recent years, causing billions in damages and disrupting critical infrastructure.

In the current incident, the NPCI took the correct and prompt step of isolating the network operated by C-Edge Technologies, as well as ordering a special audit. This tactical step prevented further infections and larger ransom demands. It also showed another good trait: the incident was promptly reported to CERT-In, which is generally not the case, as organisations refrain from disclosing ransomware attacks. CERT-In acted fast to inform other networks of the attack vector. However, as the special audit report showed, a vulnerability (CVE-2024-23897) in a misconfigured Jenkins server allowed the attackers to gain secure shell access via port 22. So, patch management was missing somewhere. This particular hacking group is known for sophisticated exploitation and demanding high ransoms.
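The patch-management gap the audit points to is the kind of thing a routine inventory check catches before an attacker does. The script below is an added example and is not code from the article, NPCI, C-Edge Technologies or CERT-In: it compares each Jenkins host's version against a fix threshold numerically, component by component, and reports which of the unpatched hosts also listen on port 22, the access path the audit describes. The inventory, hostnames and `FIXED_VERSION` are constructed placeholders; the real threshold for any CVE must be taken from the Jenkins security advisory, and the naive string comparison shown alongside is there to demonstrate why version checks done lexicographically silently pass unpatched hosts.

```python
"""Patch-compliance sweep over a Jenkins inventory (added example, constructed data).

FIXED_VERSION is a placeholder, not the real fix version for CVE-2024-23897;
take that value from the vendor advisory. Hostnames and versions are constructed.
"""
from typing import FrozenSet, List, Tuple

# Placeholder threshold: the first release that would carry the fix (constructed).
FIXED_VERSION = "2.400.2"

# Constructed inventory: (host, reported Jenkins version, exposed TCP ports).
INVENTORY: List[Tuple[str, str, FrozenSet[int]]] = [
    ("build-01.example.internal", "2.400.2", frozenset({443})),
    ("build-02.example.internal", "2.9", frozenset({22, 8080})),   # old, SSH open
    ("build-03.example.internal", "2.399", frozenset({22, 8080})), # old, SSH open
    ("build-04.example.internal", "2.401", frozenset({22})),       # newer than fix
]

# Port 22 is the access path named in the audit; other ports can be added per site policy.
RISKY_PORTS: FrozenSet[int] = frozenset({22})


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.123.4' into (2, 123, 4) so each component compares as an integer.

    Jenkins weekly releases use two components and LTS releases three; a missing
    third component is padded with 0 so '2.123' sorts before '2.123.1'.
    """
    parts = tuple(int(p) for p in v.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def is_unpatched(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the running version is strictly below the first fixed release."""
    return parse_version(version) < parse_version(fixed)


def naive_is_unpatched(version: str, fixed: str = FIXED_VERSION) -> bool:
    """The wrong way: plain string comparison. '2.9' > '2.400.2' lexicographically,
    so a badly outdated host is reported as patched. Kept only to show the pitfall."""
    return version < fixed


def find_unpatched(inventory=INVENTORY, fixed: str = FIXED_VERSION,
                   risky_ports: FrozenSet[int] = RISKY_PORTS) -> List[Tuple[str, str, List[int]]]:
    """Return (host, version, exposed_risky_ports) for every host below the fix threshold.

    Hosts below threshold are listed even with no risky port open, because the
    patch gap itself is the finding; the port list prioritises remediation.
    """
    findings = []
    for host, version, ports in inventory:
        if is_unpatched(version, fixed):
            findings.append((host, version, sorted(ports & risky_ports)))
    return findings


if __name__ == "__main__":
    for host, version, exposed in find_unpatched():
        tag = "SSH EXPOSED" if 22 in exposed else "internal only"
        print(f"{host}: Jenkins {version} < {FIXED_VERSION} [{tag}]")
```

Running it lists the two constructed hosts below the threshold, both flagged as SSH-exposed; `build-02` is exactly the host the naive string comparison would have passed as compliant.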