ICAI's Advisory on Rising Ransomware Incidents Targeting CA Firms Through NAS Devices:

A brief overview of the ICAI advisory warning CA firms about the rising ransomware attacks targeting NAS devices and the urgent need to strengthen cybersecurity measures.
ICAI Warns of Increasing NAS-Based Ransomware Attacks

ICAI's Advisory on Rising Ransomware Incidents Targeting CA Firms Through NAS Devices
According to the information disclosed by the National Cyber Crime Reporting Portal (NCRP), the Indian Cyber Crime Coordination Centre (I4C) has recently noted a sudden increment in ransomware incidents/attacks that are targeting Chartered Accountancy firms and consulting organisations in India. As per the reports, these criminal groups are conducting targeted cyber-attacks against Network Attached Storage (NAS) devices used by these organisations. These attacks even lead to the complete encryption of business data, theft of sensitive information, and ransom demands from attackers.
Now, many of you must be wondering what a Network Attached Storage (NAS) device is. So, it is a file storage device directly linked to the network of the organisation. Also, this device provides a centralised location to access the data for multiple users and client devices. It works like a private cloud used to store key data such as financial records, client documents, and internal files. Since data in NAS devices is stored at a centralised location, it may lead to complete data loss of both primary and backups. Making it sometimes really difficult to access the data. This is the reason why ransomware groups are targeting NAS devices. If a NAS device is exposed to the internet, poorly configured, or running outdated software, attackers can easily exploit it regardless of the brand or model.
To find these NAS devices with exposed management interfaces, the attackers typically begin by scanning the internet. Thereafter, they gain access to them by exploiting security vulnerabilities, weak passwords, or systems that do not use multi-factor authentication. After that, they are easily able to steal sensitive information/data of clients before deploying ransomware that encrypts all files stored on the NAS device, including backups. After the encryption, they ask for a ransom demand and threaten to leak the data publicly if payment is not made.
Refer to the official advisory for complete information.
About Author

Saloni Kumari
Content Writer
Saloni is a Content Writer with 2+ years of experience at studycafe.in. She writes legal, taxation, and finance related content including GST, Income Tax etc. Skilled in translating complex judicial pronouncements and regulatory developments into clear, and reader-friendly articles. Experienced in covering judgements of ITAT, High Court, GSTAT, and news related to Income Tax, GST, and corporate law. She can be reached at [email protected].
StudyCafe
Delhi, Delhi, India
2389My Recent Articles
- ITAT Remands Section 69 Unexplained Cash Credit Addition After Bank Statement Was Not ExaminedPremium
- ITAT Remands Transfer Pricing Dispute: DRP to Reassess Comparables and Working Capital AdjustmentPremium
- CBDT Notifies TDS Exemption on Aircraft Lease Payments to IFSC Units Under 20-Year Tax Deduction Scheme Premium
- CBDT Grants TDS Exemption On Ship Leasing Payments To IFSC Units Under 20-Year Tax Deduction SchemePremium
- ITAT Remands Case to CIT(A) After Admitting Crucial Sale Deed as Additional Evidence
Up Next
Loading suggestions…
Recent Posts

All Posts

Recent Posts

All Posts








