New Delhi: The pandemic year 2020 was unprecedented on many counts. Chief among them is how much of the world moved online entirely — work, studies, socialising and parties, and even healthcare to an extent were all happening over the internet.
The flip side to this, though, was how this directly resulted in more hack attacks, cyber crimes, online bullying and data ransom demands.
Gulshan Rai, the first to hold the post of India’s national cybersecurity coordinator
under the Prime Minister’s Office, said online safety is an issue that many are not fully aware of, especially in terms of knowing what to do to stay protected on the internet.
He added he would never pay ransom to hackers holding his data hostage.
“What is the guarantee that he [the hacker] will take money and give it [the data] to me?” he said.
“My experience is that no ransomware case has been solved by virtue of giving the money.”
As part of our series Safe and Sound, ThePrint spoke to Rai and cybercrime investigator Ritesh Bhatia about how to practice online safety and what one needs to know while living their virtual lives.
This episode is the fifth in the series presented by Facebook that provides information useful to navigate the post-Covid world.
Also read: For cyber terrorists, business has been booming during Covid pandemic
Understanding online safety
As an internet user faces diverse challenges ranging from hate speech to hackers, “online safety has a wider meaning”, said Rai who demitted office in 2019.
Online safety constitutes transactions not leading to offensive activities against a user and the user not having to worry about their information being exploited or being fed fake information, according to Rai.
For Bhatia, online safety determines how safe a user is financially, emotionally and even physically when on the internet.
How to deal with ransomware, sextortion scams
Ransomware is malicious software that locks users out of their computer systems until a fee, or the ‘ransom’, is paid. Instances of data being held hostage through ransomware attacks have risen during the pandemic.Online safety constitutes transactions not leading to offensive activities against a user and the user not having to worry about their information being exploited or being fed fake information, according to Rai.
For Bhatia, online safety determines how safe a user is financially, emotionally and even physically when on the internet.
US-based cybersecurity provider Check Point says that in Q3 2020, it saw a 50 per cent rise in the daily average number of ransomware attacks. These attacks claimed “a new victim every 10 seconds”, Check Point noted, adding that India, after the US, recorded the most number of such attacks in the world.
A Twitter user posted an email screenshot which claimed their data had been encrypted, making it unreadable, and the hacker was holding the decrypting software ransom for 0.02 bitcoin.
— Nishi Joshi (@NishiDMP) January 5, 2021
Both Rai and Bhatia advised not paying ransom if hackers threatened to leak information or hold data hostage.
“Information [that] is gone, is gone,” said Rai, advising that it is better to protect the remaining information and prevent its misuse.
Bhatia said that in most of the cyber fraud cases he investigated, “people who pay ransom are never in peace even after paying, and the demand for ransom does not stop”.
Bhatia also advised deleting and ignoring emails in which a blackmailer claims to have sexual pictures of you. These are ‘sextortion scams’ where the blackmailer doesn’t actually have any explicit images of the victim, said Bhatia.
He added that such scam emails had increased after Indian viewership of porn rose during the pandemic. Hackers who possess large lists of emails typically send out mass emails, counting on the probability that some users will be more gullible. These email lists and passwords are procured from the dark web where such data gets dumped after a successful hack.
Also read: How hackers are using coronavirus panic to target India through WhatsApp and email
How corporates can be safe online
The pandemic also made it important for organisations and institutions to prioritise cybersecurity and online safety.
David Ferbrache, KPMG’s UK global head of Cyber Futures, said there’s “evidence that remote working increases the risk of a successful ransomware attack significantly”.
Atul Kabra from the Netherlands-based EclecticIQ, which helps companies respond to cyber threats, said companies should “start viewing security budgets not as a cost but investment”.
Cybersecurity budgets vary from company to company, depending on the sector.
According to a study by Deloitte and the Financial Services Information Sharing and Analysis Center, the cybersecurity budget is around 10 per cent of the IT budget in the financial sector or the equivalent of spending $1,300-$3,000 per full time employee on cybersecurity.
Stay emotionally safe online
The emotional aspects of living a largely virtual life are less tangible, but no less vulnerable to bad actors.
The previous year saw cyberbullying cases rise in India. The ‘Bois Locker Room’ case was among the more prolific ones that came to light. It was an Instagram group created by high school students in which boys made derogatory comments about their female peers.
Clinical psychologist Dr Sudipta Roy had some suggestions on how to avoid becoming a target of bullying or extortion:
1. Do not post or vent on social media when you’re emotionally unstable, angry, or in the heat of the moment. Always wait until you’re calm and collected.
2. Always be respectful and sensitive to others’ views when sharing your own.
3. Avoid extensively posting online about how you’re lonely or depressed. It can open you up to those seeking easy targets to scam.
Watch the full episode here:
Also read: Locker room boys to IT cell men: India’s rape culture grows without shame or consequences