India’s cyber crime challenge

Tuesday, 06 June, 2017, 13:50 pm

Varsha Singh


A cyber-attack on May 12, 2017, hit more than 200,000 computers in 150 countries worldwide. The attack used ransomware called “WannaCry”, with which hackers locked people out of their computers and demanded a payment of $300 in bitcoins. In just 2-3 days, it made medical care inaccessible and shut down factories. The “WannaCry” ransomware appears to have used a flaw in Microsoft’s software, discovered by the National Security Agency and leaked by hackers, to spread rapidly across networks, locking away files. The malicious code relied on the victims opening a zip file emailed to them. From there, the programme used the flaw in Microsoft software to thrive.

On March 14 this year, Microsoft released a security update which addressed the vulnerability in the 16-year-old Windows XP operating system that the hackers behind the massive ransomware attack exploited. The attack affected Telefónica and several other large companies in Spain; parts of the British National Health Service (NHS), where at least 16 hospitals had to turn away patients or cancel scheduled operations; FedEx; Deutsche Bahn; and the Russian Interior Ministry and Russian telecom MegaFon. According to Quartz, the three bitcoin wallets used in the attack had received just under 300 payments totalling 48.86359565 bitcoins as of May 13, the equivalent of about $101,000.

What is a ransomware attack?

Ransomware is a kind of cyber-attack in which hackers take control of a computer system and block access to it until a ransom is paid. To gain access to the system, cyber criminals need to download a type of malicious software onto a device within the network. This is often done by getting a victim to click on a link or download it by mistake. It is normally contained within an attachment to an email, and once opened it encrypts the hard drive. Once the software is on a victim’s computer, the hackers can launch an attack that locks all the files it can find within a network. The first ransomware attack appeared in 2005 in the US and quickly spread around the world.

The recent ransomware “WannaCry”, also known as Wanna Decryptor, is a specific ransomware programme that locks all the data on a computer system and leaves the user with only two files: instructions on what to do next and the Wanna Decryptor programme itself.

When the software is opened, it tells computer users that their files have been encrypted and gives them a few days to pay up, warning that their files will otherwise be deleted. It demands payment in Bitcoin, gives instructions on how to buy it, and provides a Bitcoin address to send it to. Most computer security companies have ransomware decryption tools that can bypass the software.

How has it impacted India?

In Kerala, computers of two village panchayats were hit, with messages demanding $300 (₹20,000) in virtual currency to unlock the files. Those who opened the computer at the Thariyode panchayat office in the hilly district of Wayanad found that four of their computers had been hacked. Likewise, another village panchayat at Aruvapulam near Konni in Pathanamthitta district got a similar virus message when their computer was switched on. IT experts were working on these systems.

In West Bengal’s West Midnapore district, at least eight computers of the state-run electricity distributor were affected. Experts were ascertaining whether it was the same malware virus behind the world’s biggest ransomware attack.

The government on May 14 said it has activated a “preparedness and response mechanism” to prevent any major cyber damage from the ransomware. According to the Ministry of Electronics and Information Technology (MeitY), this was done by instructing CERT-IN (Computer Emergency Response Team) to gather “all the information of the reported ransomware”. “MeitY has initiated contact with relevant stakeholders in public and private sector to ‘patch’ their systems as prescribed in the advisory issued by CERT-IN. MeitY has also requested Microsoft India to inform all their partners and customers to apply relevant patches,” the ministry said in a statement. IT Minister Ravi Shankar Prasad said, “There is no major impact in India unlike other countries. We are keeping a close watch. As per the information received so far, there have been isolated incidents in limited areas in Kerala and Andhra Pradesh.”

Quick Heal Technologies Ltd, the maker of antivirus software, has said that it has detected over 48,000 ransomware attack attempts in India, with West Bengal witnessing the most incidents. Quick Heal has “detected over 48,000 MS-17-010 Shadow Broker exploit hits responsible for ‘WannaCry ransomware’ outbreak in India”, the cyber security firm said in a statement.

The Pune-based company said 60% of the ransomware attack attempts by the malicious WannaCry virus were targeted at enterprises, while the rest were on individual customers. Quick Heal said there have been over 700 distress calls by customers in the last few days, following the discovery of the attacks, which have impacted 150 countries globally. The top five cities impacted by the ransomware attack were Kolkata followed by Delhi, Bhubaneswar, Pune and Mumbai, while the top five states with maximum detections of WannaCry virus are West Bengal, Maharashtra, Gujarat, Delhi NCR, and Odisha.

What should be done to protect oneself from the ransomware attack?

Authorities in the U.S. and the U.K. have issued guidance on what to do.

Individuals and small businesses should:

  1. Run Windows Update to get the latest software updates.
  2. Make sure any anti-virus product is up to date and scan your computer for any malicious programmes. It is also worth setting up regular auto-scans.
  3. Back up important data on your computer in case it gets held for ransom.

Large organisations should:

  1. Apply the latest Microsoft security patches for this particular flaw.
  2. Back up key data.
  3. Ensure all outgoing and incoming emails are scanned for malicious attachments.
  4. Ensure anti-virus programmes are up to date and conducting regular scans.
  5. Educate employees on identifying scams, malicious links and emails that may contain viruses.
  6. Make sure to run “penetration tests” against your network’s security, no less than once a year, according to the Department of Homeland Security.
  7. If your files have been hacked, it is suggested not to pay the ransom money, as there is no guarantee that the files will be returned intact.

Many have suggested restoring all files from a backup. If this isn’t possible, there are some tools that can decrypt and recover some information.
