Introduction
Ransomware is a type of cybercrime in which malicious software is used to block access to a computer system, mobile device, server, or digital data. The attacker usually encrypts files and demands payment, often in cryptocurrency, in exchange for restoring access to the data.
Ransomware attacks may target individuals, businesses, hospitals, educational institutions, financial organizations, and government departments. These attacks can result in loss of important information, financial damage, disruption of services, and unauthorized access to sensitive data.
What Provisions Apply To Ransomware Attacks In India?
Ransomware incidents may attract provisions of the Information Technology Act, 2000 and the Bharatiya Nyaya Sanhita, 2023 depending on the facts of the case.
Under Section 43 of the Information Technology Act, 2000, unauthorized access, downloading of data, introduction of computer contaminants, disruption of computer systems, and damage to computer resources may result in liability for compensation.
Section 66 of the Information Technology Act, 2000 provides punishment where acts covered under Section 43 are committed dishonestly or fraudulently.
If confidential personal information, business records, or sensitive data are stolen during the attack, provisions relating to data theft, unauthorized access, cheating, extortion, criminal intimidation, and identity theft may also become applicable.
Where attackers demand money in exchange for restoring access to files or systems, provisions relating to extortion and criminal intimidation under the Bharatiya Nyaya Sanhita, 2023 may also be invoked depending on the circumstances.
What Should A Victim Do Immediately After A Ransomware Attack?
A victim should immediately disconnect the affected device or network from the internet to prevent the ransomware from spreading to other systems. External storage devices and shared network drives should also be disconnected where possible.
The victim should preserve all available evidence, including ransom messages, emails, screenshots, cryptocurrency wallet details, payment demands, suspicious links, and system logs. These records may assist law enforcement authorities during the investigation. It is generally advisable not to delete infected files, format devices, or destroy evidence before reporting the incident.
Where Can A Complaint Be Filed?
A ransomware complaint may be filed through the National Cyber Crime Reporting Portal maintained by the Government of India. Complaints relating to cyber offences can be submitted online along with supporting evidence and incident details.
The victim may also approach the nearest Cyber Crime Police Station or local police station and submit a written complaint describing the attack, affected systems, financial loss, and available evidence.
Organizations and businesses may additionally report the incident to their internal cybersecurity teams, service providers, and relevant regulatory authorities where required under applicable regulations.
What Information Should Be Included In The Complaint?
The complaint should clearly mention the date and time of the attack, details of the affected devices or systems, nature of the ransomware demand, amount demanded by the attackers, and any communication received from them.
The complainant should also provide copies of ransom notes, screenshots, email communications, transaction records, cryptocurrency wallet information, IP addresses if available, and details of any financial loss suffered because of the attack.
What Happens After Filing The Complaint?
After receiving the complaint, the cybercrime authorities may conduct a preliminary assessment of the incident and collect technical evidence. Investigators may examine affected devices, network records, server logs, communication details, and financial transaction records connected with the ransomware attack. Where sufficient material is found, a criminal investigation may be initiated and further action may be taken against the persons responsible for the cybercrime. In serious cases involving large-scale cyberattacks, specialized cybercrime units and digital forensic experts may assist in the investigation.
Can A Victim Recover The Lost Data?
Recovery of data depends on the nature of the ransomware, availability of backups, and the extent of system compromise. Victims may restore data from secure backups if available.
Cybersecurity experts generally advise against paying ransom demands because payment does not guarantee restoration of data and may encourage further criminal activity. Law enforcement authorities may provide guidance regarding investigation and recovery measures based on the specific circumstances of the case.
Conclusion
Reporting ransomware attacks helps authorities investigate cybercriminal activities, prevent further attacks, and identify larger criminal networks operating through digital platforms.
Timely reporting also assists in protecting other individuals and organizations from similar threats and contributes to strengthening cybersecurity enforcement in India. The legal framework under the Information Technology Act, 2000 and the Bharatiya Nyaya Sanhita, 2023 provides mechanisms for investigation and action against offenders involved in ransomware-related cybercrime.


