Since last weekend, more than 3 lakh systems in over 150 countries, including India, have been in the grip of WannaCry, a ransomware that encrypts all data on a system and demands payment in return for freeing up access.
However, for a cyber attack that is being termed the largest of its kind in history, WannaCry has failed to raise the amount of money that one would imagine. A full three days after the malware first struck, the hackers behind the ransomware have made just $60,512.82, or a little less than Rs 39 lakh.
WannaCry spreads as a worm: it needs only one computer on a given network to be infected. Following that, it automatically spreads to all linked computers. This ransomware works by encrypting and blocking access to all data on an infected system. The malware then displays a message telling users not to worry and that their data can safely be restored.
According to a report, ShadowBrokers, an entity that had previously authentic malware used by the NSA to attack computers around the world, released this ransomware, capable of breaking into systems running Windows.
According to another report, the virus spreads in a version of Microsoft Windows. The attacks exploited computers that were running outdated versions of Microsoft’s Windows. The flaw was first identified by US intelligence. Reportedly, the National Security Agency alerted Microsoft about the issue three months ago and Microsoft released an upgrade that patched the flaw, but many users had yet to run it.
Brad Smith, Microsoft’s president, said yesterday in a blog post that the company, its customers and the government all share the blame.
“The governments of the world should treat this attack as a wake-up call,” Smith wrote, adding that “cyber security has become a shared responsibility between tech companies and customers.”
But is India safe?
A New York Times report shows a map that illustrates the locations of the malware attack across the globe. It does provide a fair representation of the scope of the attack across the world.
India, too, is represented on this map, though there has not been any major news of the attack in our country as yet. According to an NDTV report, however, over 100 systems of the Andhra Pradesh police have been affected by the ransomware.
Gulshan Rai, DG of the Indian Computer Emergency Response Team (CERT-In), said, “We held an assessment meeting today and have found that 102 systems of Andhra Police have been infected with ransomware, particularly those using the Windows operating system.” “While our experts are trying to debug the hacked systems, we will only know the real magnitude of the damage once offices re-open on Monday and systems are turned on,” Gulshan Rai added.
But even as the government continues to play this cool, it is no secret that India is vulnerable at this moment. According to a report in the Times of India, the outdated version of Windows XP that the ransomware managed to exploit is used by almost 70 per cent of Indian ATMs.
The report adds that Microsoft stopped providing support, security patches and other tools for Windows XP in 2014. It was only after the attacks on Saturday that Microsoft released updates for older systems.
According to Burgess Cooper, partner at consultancy Ernst & Young, “Losses will not only be financial. The damage could be much more than financial in sectors such as manufacture, traditional health care and power generation which have not patched their systems to ensure security for long.”
Who has been affected so far?
Around 1,000 computers at the Russian Interior Ministry have been affected by the cyber attack. The attack also affected Telefónica, and several other large companies in Spain, as well as parts of Britain’s National Health Service, FedEx, Deutsche Bahn and LATAM Airlines.
Other targets in at least 99 countries were also reported to have been attacked around the same time. Almost 30,000 Chinese companies and institutions, including several major firms in Hong Kong, have been crippled by the global cyber attack.
How to save yourself?
The first thing you should do is make sure that your computer’s operating system is up to date. If you are currently a user of Windows XP, you need to upgrade it as soon as possible. You should also make sure that your anti-virus software is up to date and that it scans your computer regularly for any malicious programs. Large companies that have computers connected in local area networks should ensure all outgoing and incoming emails are scanned for malicious attachments.
In case your computer does get affected, it is always advisable that you keep all your data backed up. Additionally, it has been advised that hacked computers should be reported to the authorities immediately, and users should not pay the “ransom”, as there is absolutely no guarantee that your system will be unlocked once you do pay up.
If you suspect that your system may be affected, you should immediately disconnect from the internet to ensure there is no further infection or exfiltration of data.
CodeoDesk Technologies always ensures its clients’ security and backups against any such cyber attack, and we are proud to help our clients.