Last Updated on May 15, 2019 by Bharat Saini
The WannaCry ransomware, a worldwide cyber-attack that started on Friday, 12 May 2017, appears to have had less impact on corporate India’s operations, although India is the third worst-hit nation after Russia and Ukraine, besides Taiwan. WannaCry is a ransomware cryptoworm that targets computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It affected operations at the US health care system, French car maker Renault, parts of Britain’s National Health Service, Spain’s Telefonica, FedEx, Deutsche Bahn, and many other countries and companies worldwide.
The malware spread across local networks and the Internet, directly infecting any exposed systems by exploiting vulnerabilities in older versions of Microsoft Windows, such as Windows XP and Windows Server 2003, that had not been updated with the most recent security updates. The US National Security Agency (NSA) had identified this weakness and had developed and stockpiled the EternalBlue exploit, using it to its own advantage. The exploit was leaked by The Shadow Brokers (TSB) hacker group on 14 April 2017 and was used as part of the worldwide WannaCry ransomware attack on 12 May 2017. Once established, WannaCry encrypted computer files and displayed a message demanding $300 to $600 worth of Bitcoin to release them.
Microsoft had issued a “critical” patch on 14 March 2017 to remove the underlying vulnerability for supported systems, nearly two months before the attack, but many organizations had not yet applied it. Immediately after the outbreak, Microsoft released updates for those operating systems that had not been updated. Shortly after the attack began, a web security researcher who blogs as “MalwareTech” discovered an effective kill switch by registering a domain name found in the code of the ransomware. This greatly slowed the spread of the infection; however, new versions have now been detected that lack the kill switch. The danger from the cyber-attack that hit 150 nations continues to fade drastically and has almost died down as of 19 May 2017.
In India, the WannaCry ransomware attacked about 48,000 computers, mostly in West Bengal, and claimed victims include Tirupati temple and some computers at police stations in Andhra Pradesh and West Bengal State Electricity Company Limited. Another ransomware by the name of Lazarus attacked Indian companies in January this year, and last year India saw at least three sophisticated ransomware attacks on Indian companies and banks. The first one, Lucifer, which happened last year, locked computers of banks and pharmaceutical companies.
Some of the facts about the WannaCry ransomware attack are:
- WannaCry is the biggest cyberattack reported worldwide so far in history. It is unprecedented in its reach, with victims in at least 150 countries across the globe.
- Ransomware, as the very name suggests, holds your files for ransom. It is malware that essentially takes over a computer or a device and prevents users from accessing the data on it until a ransom is paid. The hacker finds all your files, encrypts them, and leaves a message saying that if you want to decrypt them, you must pay. The ransomware encrypts data on the computer using encryption that only the attackers know.
- Data hacked by ransomware can be recovered without paying any ransom. The easiest way is to go to the last backup and retrieve the data. Users who regularly back up their data and ensure that the security tools installed on their computers are always up to date need not worry about such attacks.
- ATMs are not vulnerable to such malware attacks, which encrypt files, as ATMs do not save any financial transaction data.
- Smartphones face as big a threat as PCs, as the larger operating system is on mobile, which is Android.
- The threat as such is not over. Although the impact of the ransomware on India has been relatively small, according to the Indian Computer Emergency Response Team (CERT-In), WannaCry has not seen its end, as multiple modules can still emerge and cause disruptions.
- Though there is no perfect solution to stop WannaCry-like ransomware attacks, they can be prevented. Users should regularly back up their data and ensure that security updates are installed on their computers as soon as they are released.
Users should also be cautious about malicious email messages, which often masquerade as email from companies or people they regularly interact with. Also, be wary of attachments from people and sources that one is not sure of.