Ransom-Cloud Attacks: CERT-In Issues Advisory to Secure India's Digital Infrastructure
GS3GS2
The Indian Computer Emergency Response Team (CERT-In) has warned of 'Ransom-Cloud' attacks targeting enterprise cloud services. The advisory highlights the need for robust encryption and multi-factor authentication to protect national digital assets from sophisticated cyber-extortion.
The Indian Computer Emergency Response Team (CERT-In) recently issued a high-priority advisory regarding 'Ransom-Cloud' attacks. Unlike traditional ransomware that targets local hard drives, Ransom-Cloud specifically targets data stored in cloud environments, such as email services, cloud storage, and enterprise resource planning (ERP) systems. This shift in tactics reflects the global migration of business operations to the cloud, making these platforms lucrative targets for cybercriminals.
The mechanism typically involves sophisticated phishing emails that trick users into granting third-party applications permissions to access their cloud accounts via OAuth tokens. Once access is granted, the attacker encrypts the user's cloud-based data—such as emails and documents—and demands a ransom for the decryption key. This poses a significant threat to India’s digital economy, as cloud services are the backbone of the 'Digital India' initiative and the burgeoning startup ecosystem.
Continue reading — free with login
JeetoBharat publishes daily UPSC current affairs mapped to the Mains syllabus. Log in to read full articles.
Log in to read full articleNo credit card required. Free registered users get unlimited access.
This article was curated using AI. While we strive for accuracy, please verify critical facts from official sources.