If you’ve scrolled past Facebook or read the news in the past two days, you must have heard of the massive ransomware campaign going on around the world which is believed to be the biggest cyberattack to date. Spreading like wildfire, this ransomware has affected about 250,000 systems in over 105 countries including majority of the European nations.
Around 16 hospitals in England & Scotland, run under National Health Service (NHS), reported inaccesible data & IT failures which resulted in doctors turning away patients, cancelling appointments and transfer to emergency care. Other major victims include Russian Interior Ministry, Chinese universities, Hungarian telcos, FedEx branches and German railway operations. While there are no reports of major outbreaks of this attack in India, it is believed to be growing rapidly in the old, outdated systems used by majority of the public organisations.
What is WannaCry?
A ransomware is a type of malicious software that prevents a user from accessing his documents, images, music and other files unless the victim pays for a key to unlock them. In case of WannaCry (aka WanaCrypt0r 2.0), this payment is to be done in form of bitcoin equalling to about US $300. The ransom warning states that the payment amount would be doubled in three days or the files will be permanently deleted if not paid within a week. Scary, right?
WannaCry is supposedly run by Shadow Brokers, a cyber gang blamed for stealing a hacking tool (called Eternal Blue) from US’ National Security Agency (NSA) which gives unprecedented access to all computers using Microsoft Windows. WannaCry has the ability to spread itself within corporate networks, without user interaction, by exploiting a known vulnerability in Microsoft Windows.
Even after creating such a global outrage the hackers haven’t been able to gather much money. As per the reports, a total of 145 transactions worth around US $38000 have been made till Monday, three days after the attack.
What is the threat to a country like India?
As India goes increasingly digital, our vulnerability as well as the resultant impact increase too. Moving towards a digital life while ignoring the basic computer security might put our nation into the deepest levels of danger. For instance, a ransomware attack can easily hold a service like the Delhi Metro or a power utility to ransom, quite literally.
Fortunately, this ransomware didn’t spread across India except affecting a few police stations in Andhra Pradesh. The affected systems were standalone Windows machines which didn’t cause much havoc in daily functioning as offline FIRs and records are kept as well. This incident has compelled all government agencies to finally update their system after years.
India’s cyber-security unit, CERT-In has been monitoring the activities of this cyberattack in India and have alerted major banks, airports, telecom networks and stock markets to shield themselves!
While this attack is said to be under control now, there is no stopping them in the future. Considering that our government is planning to put Aadhaar data of billions of people online, while running those obsolete machines in all its offices, the condition can become real troublesome in the near future.
How to protect yourself from WannaCry?
Computers which do not have the latest Windows security updates applied are at risk of infection. If you are running a Windows 10 device, you need not worry about this.
Microsoft had already released a patch for this exploit way back in March, but looking at the present situation, we can very-well conclude that literally nobody uses Windows Updates. Poor Microsoft, it even released a patch for age-old Windows XP.
If you are still using an older version of Windows, go through this reddit post to know how to secure your system.
General security measures:
– Be wary of unexpected emails especially if they contain links and/or attachments.
– Keep your system and other software updated.
– Back up important data in an external device.