Recurrence of malware attacks increases by 71.39pc: BGD e-GOV CIRT

Malware contamination has increased significantly in Bangladesh. This malware is associated with potential ransomware risks.

In the last one year, four major organisations, including two government ones, of the country have been victims of ransomware attacks.

The issue of the country’s cyber security, or rather lack of it, is often discussed due to the lack of skills and not paying enough attention to cyber security, say the IT experts.

BGD E-Gov CIRT, an organisation working on cyber security under the government’s information and communication technology department, Thursday released a report on the ransomware threat in Bangladesh.

The report ‘Ransomware: A Data-Driven Threat Analysis of Bangladesh’ analyses the incidents of ransomware attacks and potential risks in the country from late 2022 to 2023.

It said the recurrence of ransomware attacks in the country have increased significantly in recent years. The rate of malware attacks associated with potential ransomware risk in the country increased significantly in 2023. Compared to 2022, the incidence of malware attacks increased by 71.39 per cent in 2023.

Ransomware is a type of malicious software programme or malware that prevents access to information stored on a computer, smartphone or any digital device.

A malware attacked device could be ‘locked’ while the hackers or cybercriminals, who are behind the spread of malware, could steal the data from the device. They could seize the information and delete it and could encrypt it with a special key. Then the cybercriminals generally demand money to return the access to a computer or retrieve data stored there. That is why it is called ransomware. Ransomware targets are usually the financial sector organisations that are large and the government institutions.

The BGD e-GOV CIRT’s report mentioned the four sectors that are most affected by ransomware attacks in Bangladesh. Those are – financial, aviation, pharmaceutical and industrial. But the report did not mention the name of any specific organisation affected by the ransomware attack.

However, another report titled ‘Ransomware Landscape Bangladesh’ BGD e-GOV CIRT published in September, 2022, mentioned the names of the organisations that were victims of ransomware attacks.

The 2023 report of BGD e-GOV CIRT said that in December 2022, a leading pharmaceutical company of the country became a victim of a ransomware attack. Cybercriminal group, Lockbit 3.0, claimed to have carried out the attack. They said they accessed the company’s network and seized 750 gigabytes of data, including personal information of the company’s employees.

The report also mentioned that a leading transport company in the country was attacked by ransomware in March last year. Cybercriminal group ‘Money Message’ was behind the attack. The group seized the company’s 100 gigabytes of data, including personal and confidential information, and demanded a huge amount of money.

Different media, at that time, carried reports saying that the server of the national carrier, Biman Bangladesh Airlines, was attacked by ransomware. However, the Biman authorities did not acknowledge the attack.

A financial institution in the country was victim of a ransomware attack of a cybercriminal group, ALPHV/Blackcat, in June last year. The hackers claimed to have captured 170 gigabytes of sensitive data. Sources said this victim financial institution is a state-owned bank.

A top business conglomerate of the country was rocked by ransomware attack in the same month last year. Claiming the responsibility for the attack, hacker group ‘Akira’ said the industrial group did not want to discuss the money demand. That is why they released the information they have on the dark web. The dark web is the marketplace for illegal activities in the internet world.

Speaking regarding the report, director of BGD e-GOV CIRT Saiful Alam Khan told Prothom Alo that the four ransomware attacks they mentioned were major issues. If they see any attack or anything suspicious, they immediately inform the related institutions.

Regarding the ransomware attacks, BGD e-GOV CIRT says that taking the opportunity of weakness in the system, someone from the outside is entering the system by using a code. The BGD e-GOV CIRT further said that they have identified three notable malwares that could be used for ransomware attacks. According to their analysis, Mallox is the most common type of malware detected in the attacked establishments.

The group targets vulnerable MS-SQL servers, the BGD e-GOV CIRT said about Mallox.

Highlighting the global statistics, the BGD e-GOV CIRT report said that Bangladeshi organisations were most affected by Trojan ransomwares, with the rate being 3.34. Bangladesh is followed by Yemen, South Korea, Mozambique, Sudan, Palestine, Taiwan, Afghanistan, China and Syria.

Cybersecurity experts say ransomware attacks are on the rise in Bangladesh mainly due to lack of proper cybersecurity practices.

The BGD e-GOV CIRT in the last one year found 25,038 IP addresses in Bangladesh that are attacked by malware. They also identified seven ransomware risks during this period. However, not all of the attacks were successful.

The report said that now there is a tendency to report to BGD E-GOV CIRT if anything suspicious happens or is attacked and seek help.

The report also put forward a few suggestions. Those include keeping the data backup, taking immediate steps to recover in case of an attack, and checking the server regularly, monitoring network logs of users’ devices connected to the server.

When asked about the report, IT expert Suman Ahmed said that the incidents of malware and ransomware attacks are taking place a lot in the country. But not all cases come out.

He thought the use of pirated software to be one of the biggest causes of cyber risk in Bangladesh. Malware spreads through them, he added.

Suman Ahmed further said that various organisations at the private level are becoming aware of cybersecurity. However, they lack in skills and infrastructural security. On the other hand, the government organisations are at higher risk as there is a lack of people who are skilled in cybersecurity there.

* The report, originally published in the print and online editions of Prothom Alo, has been rewritten in English by Shameem Reza