A Mr Robot-like situation has gripped the world.
A ransomware — a type of malicious software designed to block access to a computer system until a sum of money is paid — dubbed “WannaCry” attacked hundreds of thousands of computers around the world.
This ransomware spreads as a worm, so it needs only one computer on a given network to be infected. Following that, it automatically spreads to all linked computers. Once the malware is installed on a system, the user is locked out and the hacker (who sent the ransomware) demands money (in this case it varies between $300 and $600 in bitcoin) to unlock the system.
According to Microsoft, the cyber attack that has hit as many as 200,000 victims in over 150 countries should be treated by governments around the world as a "wake-up call".
The attack has encrypted the contents of thousands of computers and demanded a ransom for recovering the files. The first instance of this series of attacks was reported in England, where the National Healthcare System (NHS) was frozen by the program, causing disruption to services to such a degree that several hospitals had to refuse patients.
According to a report in The Intercept, ShadowBrokers, an entity that had previously released authentic malware used by the NSA to attack computers around the world, released this ransomware, capable of breaking into systems running Windows.
According to reports, the virus exploits a flaw in a version of Microsoft Windows. The attacks exploited the computers that were running outdated versions of Microsoft's Windows. The flaw was first identified by US intelligence. Reportedly, the National Security Agency (NSA) alerted Microsoft about the issue three months ago and Microsoft released an upgrade that patched the flaw, but many users were yet to run it.
Brad Smith, Microsoft's president, said yesterday in a blog post that the company, its customers and the government all share the blame.
"The governments of the world should treat this attack as a wake-up call," Smith wrote, adding that "cyber security has become a shared responsibility between tech companies and customers."
But is India safe?
A New York Times report shows a map that illustrates the locations of the malware attack across the globe. While the map does not reflect the condition of every computer that was infected by the ransomware, it does provide a fair representation of the scope of the attack across the world, thanks to data collected by MalwareTech.
India, too, is represented on this map, though there has not been any major news of the attack in our country as yet. According to an NDTV report, however, over 100 systems of the Andhra Pradesh police have been affected by the ransomware.
Gulshan Rai, director general of the Indian Computer Emergency Response Team (CERT-In), said "We held an assessment meeting today and have found that 102 systems of Andhra Police have been infected with ransomware, particularly those using the Windows operating system."
“While our experts are trying to debug the hacked systems, we will only know the real magnitude of the damage once offices re-open on Monday and systems are turned on,” Rai added.
According to another report, enterprises in Mumbai, Hyderabad, Bengaluru and Chennai have also been affected.
Following this, CERT-In, in a “critical alert”, asked the central bank, stock exchanges, the National Payments Corporation of India (NPCI) and other vital institutions to safeguard their systems against the ransomware.
But even as the government continues to play this cool, it is no secret that India is vulnerable at this moment. According to a report in the Times of India, the outdated version of Windows XP that the ransomware managed to exploit is used by almost 70 per cent of Indian ATMs.
The report adds that Microsoft stopped providing support — security patches and other tools — for Windows XP in 2014. And it was only post the attacks on Saturday that Microsoft released updates for older systems.
These updates need to be taken seriously. Cyber Peace Foundation (CPF), a Ranchi-based NGO that runs a research project monitoring cyber attacks, saw a 56-fold increase in breach attempts at sensors installed across eight states in the country.
According to CERT-In, nearly 11,000 networks in India have been victims of probing and scanning in the past 14 months. Scanning and probing is the first step used by hackers, where they monitor the systems. This is generally followed by the insertion of malware or ransomware.
According to Burgess Cooper, partner at consultancy Ernst & Young, India, “Because it happened on a Friday afternoon (UK time), by the time it spread in India, most Indian companies were closed for the weekend... Monday morning is a story to be watched and we expect more systems would have been infected.”
“Losses will not only be financial. The damage could be much more than financial in sectors such as manufacture, traditional health care and power generation which have not patched their systems to ensure security for long,” he added.
Who all have been affected so far?
Around 1,000 computers at the Russian Interior Ministry have been affected by the cyber attack. The attack also affected Telefónica, and several other large companies in Spain, as well as parts of Britain's National Health Service, FedEx, Deutsche Bahn and LATAM Airlines.
Other targets in at least 99 countries were also reported to have been attacked around the same time. Almost 30,000 Chinese companies and institutions, including several major firms in Hong Kong, have been crippled by the global cyber attack.
How to save yourself from the attack?
The first thing that anyone should do is to make sure that their computer’s operating system is up-to-date. If you are currently a user of Windows XP, you need to upgrade it as soon as possible. You should also make sure that your anti-virus software is up-to-date and that it scans your computer regularly for any malicious programs. Large companies that have computers connected in local area networks should ensure all outgoing and incoming emails are scanned for malicious attachments.
In case your computer does get affected, it is always advisable to keep all your data backed up. Additionally, it has been advised that hacked computers should be reported to the authorities immediately, and users should not pay the “ransom”, as there is absolutely no guarantee that your system will be unlocked once you do pay up.
If you suspect that your system may be affected, you should immediately disconnect from the internet to ensure there is no further infection or exfiltration of data.