Veeam Software has released a detailed whitepaper titled Comprehensive Ransomware Mitigation Strategies for India, as a part of the ‘Veeam Bharat Cyber Suraksha Campaign – Enabling a Resilient Bharat’. This essential whitepaper serves as a critical resource for both the public and private sectors in India, offering actionable recommendations and insights to help organisations combat the growing threat of ransomware.
The whitepaper has been meticulously developed in accordance with guidelines from the Indian Computer Emergency Response Team (Cert-In) and provides an in-depth analysis of the current ransomware landscape. It highlights the significant impact of ransomware on various sectors, while proposing strategic measures to enhance cybersecurity defences across the nation.
“India’s crucial role in the global digital economy makes it a prime target for ransomware. Government and private organisations must enhance their data protection and disaster recovery capabilities to mitigate both internal and external threats. Backups are an organisation’s last line of defence while ensuring accessibility, availability, and more importantly, business continuity and data integrity,” said Mr. Sandeep Bhambure, VP and MD, Veeam Software India & SAARC
He added, “Veeam is committed to providing the solutions and strategies needed to combat these threats. Our latest whitepaper provides a comprehensive roadmap for boosting cyber resilience and ensuring business continuity. Having a hardened backup strategy and implementing robust data protection and recovery measures as outlined in the whitepaper, reduces the risk of ransomware attacks and safeguards organisations’ critical data assets. This whitepaper is just the latest in our focus to support Indian organisations to build a robust defence against these evolving threats”.
Ransomware trends and impacts
Ransomware attacks are surging at an alarming rate. The 2024 Veeam Ransomware Trends report revealed that 75% of global organisations experienced a ransomware last year, and 81% of those attacked chose to pay the ransom. This is despite the finding that one in three of these organisations still could not recover their data after paying.
India, a key player in the global digital economy, faces increasing ransomware threats. Cert-In reported a 53% rise in ransomware incidents in 2022, particularly affecting IT services, finance, manufacturing, and critical infrastructure, disrupting essential services for ransom.
The whitepaper also addresses the threat of Ransomware-as-a-Service (RaaS), where cybercriminals rent ransomware infrastructure to conduct attacks. Notable RaaS operations like Conti, Lockbit, and Black Basta highlight the growing sophistication and commercialisation of cybercrime.
The implication of The Digital Personal Data Protection (DPDP Act)
In response to rising digital threats, the Indian government has enacted the Digital Personal Data Protection Act 2023, which introduces stringent data protection measures for public and private entities, enhancing India’s cyber resilience. Veeam’s whitepaper explores the Act’s implications and its alignment with global regulations like GDPR. The DPDP Act emphasises data minimisation, purpose limitation, and storage limitation – key principles for mitigating ransomware risks. It also mandates robust security measures, regular impact assessments, and prompt breach notifications. By integrating these requirements, the Act not only protects personal data but also positions India as a leader in digital innovation and responsible data governance.
Fortifying against ransomware
In addition to this, the whitepaper underscores the importance of aligning with Cert-In’s guidelines to fortify defences against ransomware. It highlights several critical strategies, including
- Phishing prevention: Since phishing is a ‘major pivot point’ for network initial access, the whitepaper recommends stringent measures to prevent phishing attacks. This includes user training, email filtering, and multi-factor authentication (MFA).
- Securing exposed applications: Ensuring that all public-facing applications are secured and regularly updated to prevent exploitation by attackers.
- Credential protection: Emphasising the need to protect valid credentials, which are often targeted by ransomware attackers to gain unauthorised access to systems.
Veeam offers advanced anti-ransomware capabilities aligned with Cert-In guidelines, focusing on robust backup cybersecurity practices. Our solutions help Indian government and business sectors meet – and often exceed – Cert-In recommendations with high scalability and efficiency. Key features include Multi-Factor Authentication (MFA), patching applications and operating systems, and restricting admin privileges. In addition to above capabilities Veeam recommends best practices to ensure backup files are available, such as the 3-2-1-1-0 rule.
Insights and recommendations
Overall, the whitepaper offers several key insights and recommendations for Indian organisations to strengthen their cybersecurity posture:
- Strategic ransomware mitigation: Actionable steps included for strengthening cybersecurity defences, including robust data backup strategies and incident response planning.
- RaaS threat landscape: Insight into the growing threat of Ransomware-as-a-Service and its impact on India’s cybersecurity.
- Compliance with DPDP Act: Guidance on aligning cybersecurity measures with the requirements of the DPDP Act, fostering a secure and trustworthy digital environment.
- Modern data protection for the public sector in India: Actionable strategies to enhance cybersecurity know-how, measures to protect backups and robust solutions to build resilience against ransomware and other cyber threats.
- Veeam solutions for India-based organisations: Technologies such as Veeam DataLabs, SureBackup & SureReplica, Veeam Secure Restore that will help Indian organisations to achieve advanced cyber resiliency.
