ICAI's Advisory on Rising Ransomware Incidents Targeting CA Firms Through NAS Devices:

ICAI's Advisory on Rising Ransomware Incidents Targeting CA Firms Through NAS Devices

A brief overview of the ICAI advisory warning CA firms about the rising ransomware attacks targeting NAS devices and the urgent need to strengthen cybersecurity measures.

ICAI Warns of Increasing NAS-Based Ransomware Attacks

authorSaloni KumaridateMar 14, 2026
Last update on Mar 14, 2026
ICAI's Advisory on Rising Ransomware Incidents Targeting CA Firms Through NAS Devices According to the information disclosed by the National Cyber Crime Reporting Portal (NCRP), the Indian Cyber Crime Coordination Centre (I4C) has recently noted a sudden increment in ransomware incidents/attacks that are targeting Chartered Accountancy firms and consulting organisations in India. As per the reports, these criminal groups are conducting targeted cyber-attacks against Network Attached Storage (NAS) devices used by these organisations. These attacks even lead to the complete encryption of business data, theft of sensitive information, and ransom demands from attackers.
Govt. Reconstitutes Advisory Board Under Prevention of Illicit Traffic in Narcotic Drugs and Psychotropic Substances Act
Now, many of you must be wondering what a Network Attached Storage (NAS) device is. So, it is a file storage device directly linked to the network of the organisation. Also, this device provides a centralised location to access the data for multiple users and client devices. It works like a private cloud used to store key data such as financial records, client documents, and internal files. Since data in NAS devices is stored at a centralised location, it may lead to complete data loss of both primary and backups. Making it sometimes really difficult to access the data. This is the reason why ransomware groups are targeting NAS devices. If a NAS device is exposed to the internet, poorly configured, or running outdated software, attackers can easily exploit it regardless of the brand or model.
Govt Amends Customs Notification 45/2025; SBER Bank Added to List 14 for Imports Till March 2026
To find these NAS devices with exposed management interfaces, the attackers typically begin by scanning the internet. Thereafter, they gain access to them by exploiting security vulnerabilities, weak passwords, or systems that do not use multi-factor authentication. After that, they are easily able to steal sensitive information/data of clients before deploying ransomware that encrypts all files stored on the NAS device, including backups. After the encryption, they ask for a ransom demand and threaten to leak the data publicly if payment is not made. Refer to the official advisory for complete information.

About Author

Saloni Kumari

Content Writer

Saloni is a Content Writer with 2+ years of experience at studycafe.in. She writes legal, taxation, and finance related content including GST, Income Tax etc. Skilled in translating complex judicial pronouncements and regulatory developments into clear, and reader-friendly articles. Experienced in covering judgements of ITAT, High Court, GSTAT, and news related to Income Tax, GST, and corporate law. She can be reached at [email protected].
StudyCafe
Delhi, Delhi, India
2389
Up Next

Loading suggestions…