Ransomware India
Legal Provisions
How it works, how to safeguard yourself
Authorities to contact if you are a victim
1. RANSOMWARE
What is ransomware?
Ransomware is a type of malicious software that encrypts a victim's files. The attackers then
demand a ransom from the victim to restore access to the files upon payment. Ransomware
attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user
is tricked into downloading or opening when it is actually malware.
Once activated, the ransomware can lock the victim out of their own computer system or
encrypt important files, making them inaccessible. The attackers then demand payment,
usually in the form of cryptocurrency, in exchange for the decryption key that will unlock the
files.
Ransomware attacks can be particularly devastating for individuals and organizations, as they
can result in the loss of important data and disrupt critical systems. It is important to regularly
back up important files and to be cautious when opening email attachments or downloading
files from the internet to protect against ransomware attacks.
2. How does ransomware work?
Ransomware attacks mainly work in 5 distinct phases:
• Initiation and Setup Phase – The hacker finds the target and collects pertinent data from readily accessible, open sources during the first setup phase. This can also entail creating fake websites and/or sending out large volumes of phishing emails.
• Infection Phase – The ransomware can be installed on a victim's computer in a number of ways, including through email attachments, malicious websites, or flaws in operating systems or applications.
• Encryption Phase – The virus encrypts any backups that might be present while also encrypting the target data that is kept on the host's servers.
• Extortion Phase – During the extortion phase, the attacker often informs the victim that their files have been encrypted and that they must pay a ransom to get their files back. The notice typically includes a payment due date and an exact sum that has to be paid.
• Decryption Phase – If the victim has complied with the attacker's requests, he or she will receive an unreliable decryption tool to take back control of the data.
3. How does ransomware spread?
Ransomware attacks are typically carried out using a Trojan that is
disguised as a legitimate file that the user is tricked into downloading
or opening when it is actually malware. Ransomware can also be
spread through:
• Email attachments
• Malicious URLs
• Website pop-ups
• Malvertising attacks
• Drive-by downloads
4. How do I protect myself from ransomware?
Here are some steps you can take to protect yourself from ransomware:
• Keep your software and operating systems up to date: Regularly update your software and operating systems to protect against known vulnerabilities and malware.
• Use antivirus software: Use antivirus software and other security measures to protect against ransomware and other forms of malware.
• Back up your data: Regularly back up your data to an external drive or cloud storage to protect against data loss in the event of a ransomware attack.
• Be cautious when opening emails or attachments: Do not open emails or attachments from unfamiliar or suspicious sources, and be cautious when clicking on links.
• Use strong passwords: Use strong, unique passwords for your online accounts and devices, and avoid using the same password for multiple accounts.
• Enable two-factor authentication: Enable two-factor authentication or other security measures, such as biometric authentication, to add an extra layer of protection to your
accounts and devices.
• Disconnect from the internet: If you suspect that your device has been infected with ransomware, disconnect from the internet to prevent the malware from spreading or
encrypting additional files.
• Seek help: If you suspect that your device has been infected with ransomware, seek help from a cybersecurity expert or a trusted technical support provider to remove the
malware and restore your data.
5. Which authorities should I reach out to if I become a victim of ransomware?
• CERT-In: The Computer Emergency Response Team has been established by the Government of India as per Section 70B of the IT Act. In accordance with Rule 11(1) of the CERT Rules, any individual or organization can report a ransomware attack to CERT-In. Based on the type and severity of the incident and the resources available to it, CERT-In will respond in the shortest possible time, with the goal of minimising any additional data loss or harm.
• Cyber Cells: If any person or organisation is the target of a ransomware attack, an FIR may be filed with the local police station under the appropriate provisions of the IT Act or the IPC. The cyber-crime cell will then look into the FIR. The due process requirements of the Code of Criminal Procedure, 1973 must be followed for any offences committed under the IT Act or the IPC to be tried in Indian courts.
6. What are the provisions under which a ransomware attacker can be booked?
A ransomware attack first of all violates the Indian Constitution's guarantees of personal liberty: it infringes the fundamental right to privacy, which is protected by Article 21 of the Indian Constitution.
Under IT Act
• Section 43 read with section 66: Damage to a computer/computer system without the owner’s consent, punishable with imprisonment of up to three years or a fine of Rs. 5,00,000/- or both.
• Section 65: Tampering with computer source documents, punishable with imprisonment of up to three years or with a maximum fine of Rs. 3,00,000/-.
• Section 66D: Cheating by personation by using computer resource, punishable with imprisonment, which may extend to three years and a maximum fine of Rs. 1,00,000/-.
Under IPC
• Section 120 (A) and 120 (B): Criminal conspiracy.
• Section 378 and 379: Theft and punishment of theft, which may extend to imprisonment of 3 years or fine or both.
• Section 383 and 384: Extortion is a crime penalised by law under these sections. The attacker attempts to extort money from the victim while blocking the data. Ransomware can therefore be prosecuted under section 383 of the Indian Penal Code as an act of extortion. Punishment can be imprisonment up to 3 years or fine or both.
• Under Section 415, 416, 417, 419, 420: Victim can be booked for cheating by personation.
• Section 503: Criminal intimidation.