India’s cyber security agency CERT has issued a red alert advising internet users in the country to update their Windows systems to the latest version and encouraged users not to pay the ransom as this does not guarantee files will be released.
After the recent leaks of hacking tools from the NSA and the Central Intelligence Agency, cyber-espionage critics, including NSA whistleblower Edward Snowden and WikiLeaks founder Julian Assange, have criticised the agencies for hoarding vulnerabilities for their own use instead of flagging them to companies like Microsoft in the interest of public safety. It urged all banks in the country to take precautions against the ransomware. The hackers behind WannaCry only accept ransom paid via Bitcoin, a digital currency that ensures that the transaction cannot be traced. After so many days the ransomware could totally wipe out your data. The identity of the culprits remains unknown.
The Centre, however, assured that India is not a victim of the ransomware attack, adding that the government is keeping a very close watch to ensure that these attacks can be addressed in an effective manner.
ESET Ireland provided several tactics, advising users to update Windows software first, this being the single biggest commonality among those hit by WannaCry.
Microsoft President and Chief Legal Officer Brad Smith blamed the NSA’s practice of developing hacking methods to use against the US government’s own enemies. Also, people have no idea whom to report to if they fall prey to WannaCry.
“We have a long way to go as far as our sophistication in what we need to do in order to put together a plan and a system for cyber security”, says Congressman Ruppersberger.
A spokeswoman for Microsoft said it was preparing a response. What if the Shadow Brokers had dumped the exploits in 2014, before the government had begun to upgrade software on its computers?
Knowing this was a ransomworm, rather than a normal ransomware, I turned to one of the experts on malware that can spread across Windows networks, Roi Abutbul.
“A large-scale infection has been avoided, thanks to a 72-hour national mobilization and emergency response led by the authorities and supported by the industry”, leading domestic cyber security company 360 Business Security Group said. Security patches can break essential third-party software, so they have to be tested and rolled out.
In India, Information Technology Minister Ravi Shankar Prasad said barring “isolated incidents” in Kerala and Andhra Pradesh, there had been no major impact of the attack. No company or hospital, or university, or individual asks to be the victim of cybercrime, but there are also things companies can do to prevent the attacks from succeeding. Multiple backups also help. “But now what you have, in the form of nation-state malware as created by the NSA, is the ability to really dive deep and encrypt the important data in a system, and it really gets scary”.
“It’s not rocket science”, Litan said.
Naturally, it is hard to ascertain the situation for many people because it is not just individual systems that we are talking about, but several computers that are hooked onto a single network in a company.
The exploitation of EternalBlue, suspected to have been developed using a hacking method leaked from the US National Security Agency, allows the malware to spread through file-sharing protocols set up across the internal networks of organisations, many of which criss-cross the globe, according to the Financial Times.
Phil Richards, the CISO of Ivanti, formerly LANDesk, said this attack appears to be a variant of WanaDecryptor, a relatively new strain of ransomware.
They exploited an ideal storm of factors (the Windows hole, the ability to get ransom paid in digital currency, poor security practices), but it’s unclear if the payoff, at least so far, was worth the trouble.