URGENT: CERT-In Issues High-Severity Alert for "Kraken" Ransomware Targeting Indian Government & Infrastructure


Digital India is under attack. Today, the Indian Computer Emergency Response Team (CERT-In) issued a high-severity advisory on a new ransomware strain identified as “Kraken”, which it reports is actively targeting central and state government agencies, public sector undertakings (PSUs), and key infrastructure providers.

This alert comes just as we reported a 40% surge in data breaches across India this year, making the timing of Kraken’s emergence particularly concerning.

1. What is “Kraken” Ransomware?

Kraken is not just another ransomware. It is a new-generation variant characterised by:

  • Advanced Evasion: It uses polymorphic code, so each sample looks different on disk and signature-based antivirus and endpoint detection tools fail to match it.
  • Zero-Day Exploits: Initial analysis suggests it may be leveraging previously unknown vulnerabilities (zero-days) in commonly used enterprise software.
  • Double Extortion: Beyond encrypting data, Kraken first exfiltrates sensitive information and threatens to leak it publicly if the ransom is not paid (a tactic we’ve seen increasingly in 2025). Restoring from backup therefore does not end the incident; the stolen copy still has to be dealt with.
  • Sophisticated Phishing: Attacks are initiated through highly targeted spear-phishing campaigns, often impersonating government officials or IT support.

2. Who is Being Targeted?

CERT-In’s advisory specifically mentions:

  • Central and State Government Departments: Particularly those involved in data management and public services.
  • Critical Infrastructure: Including energy grids, financial institutions, and telecommunications networks.
  • Defense Contractors: Organizations linked to national security projects.

The motive appears to be a mix of financial gain and potentially state-sponsored disruption.

3. Immediate Actions Required for Organizations

CERT-In has outlined a series of urgent mitigation steps:

  • Patch Everything NOW: Prioritise patching all systems for known vulnerabilities, starting with internet-facing and remote-access services (VPNs, mail gateways, web portals), then Microsoft Windows and Linux servers and commonly used enterprise applications.
  • Isolate Infected Systems: Immediately disconnect any suspected infected system from the network (pull the cable, disable the port or quarantine it in the EDR console) rather than powering it off, so that memory and local logs remain available for forensics.
  • Offline Backups: Ensure critical data has secure backups that are offline or immutable, i.e. not reachable with the credentials a compromised server holds, and that restores are tested regularly, not just the backup job.
  • Network Segmentation: Implement strict network segmentation to limit the lateral movement of ransomware if a breach occurs; in particular, workstations should not be able to reach other workstations, and file servers should be reachable only on the ports they serve.
  • User Training: Conduct immediate refresher training for all employees on identifying targeted phishing, especially messages that impersonate officials or IT support and ask for credentials or for a file to be opened.
  • Multi-Factor Authentication (MFA): Enforce MFA across all systems, especially for remote access and administrative accounts.
  • Monitor for Anomalies: Continuously monitor network and host activity for the two behaviours described above: unusually large outbound transfers (exfiltration ahead of a leak threat) and bursts of file renames or modifications on file servers (encryption in progress).
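The last item is the one most teams find hardest to make concrete, so here is an added example of what "monitor for anomalies" looks like in code for the two behaviours the advisory describes. This is not code from CERT-In or from this article, and the log format, field names (`host=`, `op=`, `bytes_out=`), thresholds and the sample log lines are all assumptions constructed for the example; map them onto whatever your EDR, file-audit or NetFlow source actually emits.

```python
"""Added example (not from the CERT-In advisory or the article): a detector
for the two behaviours the alert describes, run over constructed log lines.
  - exfiltration: an outbound flow far above the host's own baseline
  - encryption:   a burst of renames that change the file extension
Log format, field names and thresholds are assumptions for this example."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Assumed log schema: one event per line, whitespace-free paths.
RENAME_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) op=RENAME src=(?P<src>\S+) dst=(?P<dst>\S+)$")
FLOW_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) op=FLOW dst_ip=(?P<ip>\S+) bytes_out=(?P<bytes>\d+)$")

RENAME_BURST = 5                        # extension-changing renames ...
RENAME_WINDOW = timedelta(seconds=60)   # ... inside this sliding window
EXFIL_FACTOR = 10                       # flow > 10x the host's prior average ...
EXFIL_MIN_BYTES = 100 * 1024 * 1024     # ... and at least 100 MiB


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def ext(path):
    """Lower-cased extension of a Windows or POSIX path ('' if none)."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def detect(lines):
    """Return [(host, kind, detail)] alerts; at most one alert per host per kind."""
    alerts, flagged = [], set()
    renames = defaultdict(deque)   # host -> timestamps of extension-changing renames
    flows = defaultdict(list)      # host -> bytes_out of flows seen so far (baseline)
    for line in lines:
        m = RENAME_RE.match(line)
        if m:
            if ext(m["src"]) == ext(m["dst"]):
                continue           # ordinary rename; extension unchanged
            host, ts = m["host"], parse_ts(m["ts"])
            q = renames[host]
            q.append(ts)
            while ts - q[0] > RENAME_WINDOW:
                q.popleft()        # drop events that fell out of the window
            if len(q) >= RENAME_BURST and (host, "encrypt") not in flagged:
                flagged.add((host, "encrypt"))
                alerts.append((host, "encrypt",
                    f"{len(q)} extension-changing renames in {RENAME_WINDOW.seconds}s, "
                    f"latest -> .{ext(m['dst'])}"))
            continue
        m = FLOW_RE.match(line)
        if m:
            host, nbytes = m["host"], int(m["bytes"])
            hist = flows[host]
            # The first flow for a host only seeds the baseline; it never alerts.
            if hist:
                avg = sum(hist) / len(hist)
                if (nbytes >= EXFIL_MIN_BYTES and nbytes > EXFIL_FACTOR * avg
                        and (host, "exfil") not in flagged):
                    flagged.add((host, "exfil"))
                    alerts.append((host, "exfil",
                        f"{nbytes} bytes to {m['ip']} vs baseline avg {int(avg)}"))
            hist.append(nbytes)
    return alerts


# Constructed sample log: FS01 shows exfiltration followed by encryption
# (the double-extortion order); WS07 is a benign host that must not alert.
SAMPLE_LOG = [
    "2025-11-20T09:30:00Z host=FS01 op=FLOW dst_ip=198.51.100.12 bytes_out=2000000",
    "2025-11-20T09:31:00Z host=FS01 op=FLOW dst_ip=198.51.100.12 bytes_out=2100000",
    "2025-11-20T09:32:00Z host=WS07 op=FLOW dst_ip=198.51.100.12 bytes_out=1500000",
    "2025-11-20T09:33:00Z host=FS01 op=FLOW dst_ip=198.51.100.12 bytes_out=1900000",
    "2025-11-20T09:40:00Z host=FS01 op=FLOW dst_ip=203.0.113.7 bytes_out=629145600",
    "2025-11-20T09:41:00Z host=WS07 op=FLOW dst_ip=198.51.100.12 bytes_out=1700000",
    r"2025-11-20T09:45:00Z host=WS07 op=RENAME src=C:\Users\a\draft.docx dst=C:\Users\a\final.docx",
    r"2025-11-20T10:02:01Z host=FS01 op=RENAME src=C:\Share\Q3.xlsx dst=C:\Share\Q3.xlsx.locked",
    r"2025-11-20T10:02:05Z host=FS01 op=RENAME src=C:\Share\Q4.xlsx dst=C:\Share\Q4.xlsx.locked",
    r"2025-11-20T10:02:09Z host=FS01 op=RENAME src=C:\Share\board.pptx dst=C:\Share\board.pptx.locked",
    r"2025-11-20T10:02:13Z host=FS01 op=RENAME src=C:\Share\payroll.csv dst=C:\Share\payroll.csv.locked",
    r"2025-11-20T10:02:17Z host=FS01 op=RENAME src=C:\Share\tender.pdf dst=C:\Share\tender.pdf.locked",
    r"2025-11-20T10:02:21Z host=FS01 op=RENAME src=C:\Share\notes.txt dst=C:\Share\notes.txt.locked",
]

if __name__ == "__main__":
    for host, kind, detail in detect(SAMPLE_LOG):
        print(f"ALERT {kind:8s} {host}: {detail}")
```

Two design points matter more than the exact thresholds. The exfiltration check compares each host against its own history rather than a global number, because a backup server legitimately moves far more data than a workstation; and the encryption check keys on renames that change the extension rather than on any particular extension string, because the name a strain appends is trivial for the attacker to change. On FS01 the outbound spike fires before the rename burst, which is the order a double-extortion operator works in; an alert on the first of the two is the window in which isolating the host still protects the data.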

4. Implications Under the DPDP Act

This attack will test the resilience of Indian organisations under the Digital Personal Data Protection (DPDP) Act, 2023, whose implementing DPDP Rules were notified in 2025. Any entity that suffers a breach involving personal data due to Kraken must:

  • Notify the Data Protection Board of India: without delay on becoming aware of the breach, with a detailed report to follow within 72 hours under the DPDP Rules.
  • Notify Affected Individuals: Without undue delay.
  • Report to CERT-In: Separately from the DPDP obligations, CERT-In’s April 2022 directions require cyber incidents, including ransomware, to be reported to CERT-In within six hours of noticing them.

The Bottom Line: Kraken is a wake-up call for every organization in India. The threat is real, severe, and immediate. Proactive defense is the only way to safeguard India’s digital future.


Discover more from Bharat Tech Pulse

TIKAM CHAND

I’m a software engineer and product builder who focuses on creating simple, scalable tools. I value clarity, speed, and ownership, and I enjoy turning ideas into systems people actually use.
