Ransomware is introduced through third-party vendors or service providers that organizations rely on.

How it Works:

• Hackers compromise a trusted software vendor or IT service provider.
• They embed ransomware in software updates or patches sent to customers.
• When businesses update their systems, ransomware is installed unknowingly.
• The malware spreads across the organization’s network, encrypting critical data.
• This type of attack is difficult to detect as it comes from a trusted source.

AIIMS Delhi Ransomware Attack (2022)

 Details:

• Hackers sent a phishing email to an AIIMS staff member, tricking them into downloading malware.
• The malware spread through AIIMS’ servers, encrypting patient data and medical records.
• Attackers demanded a ₹200 crore ransom in cryptocurrency for decryption.
• AIIMS switched to manual operations for several days, affecting thousands of patients.
• The government refused to pay, and cybersecurity agencies intervened to recover the data.