
Latest news with #NeeharPathare

The ransomware that doesn't need internet: Why Mamona is a threat you shouldn't ignore

Indian Express

5 days ago


A new cyber threat is on the horizon — one that operates without an internet connection. Security researchers have identified Mamona ransomware, a stealthy malware that executes offline, encrypts files using locally generated keys, and erases its tracks, making detection extremely difficult. Unlike traditional ransomware that relies on remote command-and-control servers, Mamona functions entirely offline by abusing the Windows ping command.

'Mamona generates encryption keys locally, making it effective even in air-gapped or isolated systems, challenging the belief that offline environments are inherently secure,' said Neehar Pathare, MD of 63SATS Cybertech. 'This approach allows attackers to bypass standard network surveillance systems, making detection difficult.'

Cybersecurity expert Shubham Singh said, 'Everything Mamona needs to lock your files is built into the malware itself. Once executed, it begins encrypting data autonomously, without needing to contact any server or hacker.'

According to Singh, Mamona spreads through physical media like Universal Serial Bus (USB) drives or external hard disks. Infection occurs when a user unknowingly plugs in a compromised device, triggering the ransomware. 'It often uses hidden files, autorun scripts, or obfuscation to bypass antivirus software. Even air-gapped systems are at risk because Mamona leverages human interaction with physical devices to gain entry,' Singh explained.

Pathare said, 'The stealthy nature of such threats makes it essential for organisations to enforce strict device policies, maintain consistent offline backups, and train users in managing physical media responsibly. Hardware-based allow-listing and strong endpoint monitoring are also critical in defending isolated systems.'

Once the ransomware is activated, it generates encryption keys locally and displays a ransom note on the screen or as a file, instructing the victim to use another device – a smartphone or another computer – to contact the attacker. 'In some cases, the ransom demand may include scanning a QR code or sending an email for further instructions,' said Singh.

Singh suggested a few practical steps to stay safe from Mamona and similar threats.

  • Avoid unknown USBs: Never plug in drives from unverified or unfamiliar sources.
  • Use offline-capable antivirus tools: Ensure your endpoint protection can detect threats without relying on cloud-based systems.
  • Keep all software updated: Even disconnected systems should receive regular firmware and patch updates.
  • Back up data securely: Store backups in offline or read-only formats to allow recovery after an attack.
  • Watch for warning signs: Renamed files, inaccessible documents, or strange messages may indicate ransomware.
  • Train all users: Ensure that staff are aware of the risks of physical media and know how to report suspicious activity.

The Safe Side: As the world evolves, the digital landscape does too, bringing new opportunities—and new risks. Scammers are becoming more sophisticated, exploiting vulnerabilities to their advantage. In our special feature series, we delve into the latest cybercrime trends and provide practical tips to help you stay informed, secure, and vigilant online.

Cybersecurity in focus amid India-Pakistan tensions, FM asks banks to ensure firewalling of digital infra

New Indian Express

09-05-2025

  • Business

BENGALURU: Given the present heightened tensions between India and Pakistan, cybersecurity experts say cyberattacks can be used to disrupt infrastructure, adding that organisations should adopt a proactive and layered approach to security.

On Friday, Finance Minister Nirmala Sitharaman directed banks to conduct regular audits of their cybersecurity systems and data centres and ensure that all digital and core banking infrastructure is fully firewalled and monitored round the clock to prevent breaches or any hostile cyber activity.

Neehar Pathare, MD, CEO and CIO, 63SATS Cybertech, said that while traditional warfare has long been defined by physical confrontations, modern conflict is increasingly being waged in the digital domain. The Ukraine conflict and the Israel-Hamas war have both demonstrated how cyberattacks can be used to disrupt vital infrastructure, manipulate narratives, and destabilise entire nations.

"We're now seeing a dangerous escalation—where hacktivist groups and state-aligned actors routinely target military systems, government agencies, and critical services," Pathare said.

"Recently, a Pakistani group calling itself 'IOK Hacker' launched a cyber offensive against the Indian Army, disrupting platforms like Army Public School Srinagar's website through DDoS attacks, and attempting to breach the Army Welfare Housing Organisation and the Indian Air Force placement portal," he said, adding these attacks are only going to increase in frequency and sophistication.

Cybersecurity and cloud computing company Akamai said it is closely monitoring the notable increase in cyber activity affecting organisations across India, including Distributed Denial-of-Service (DDoS) attempts and the use of malicious files in targeted campaigns.
