Ransomware

The past few weeks have seen unusual turmoil in the digital world, with the security of many information systems compromised. The first of the recent large-scale attacks came to light on Friday, 12 May 2017, with the worldwide spread of the WannaCry ransomware, estimated to have hit around 150 countries and roughly 2 lakh (200,000) computers. It encrypted files on infected hosts and displayed a ransom note demanding about Rs 19,000 ($300), rising to Rs 38,000 ($600), payable in Bitcoin, with the threat that the files would be deleted permanently if payment was not made within the stipulated time. WannaCry spread between systems that lacked security updates by exploiting a flaw in Microsoft's SMBv1 file-sharing protocol using EternalBlue, an exploit developed by the US National Security Agency (NSA) and published by the Shadow Brokers group about a month earlier. Microsoft had already patched the flaw for supported versions in March 2017 (security bulletin MS17-010), so the victims were unpatched Windows 7 machines and the no-longer-supported Windows XP and Windows Server 2003 systems. After the attack Microsoft issued emergency patches for those unsupported versions too; systems running pirated copies with updates turned off remain exposed unless the patch is applied manually.

WannaCry's spread slowed sharply once a security researcher found a kill switch in its code: before encrypting, the malware checked whether a particular unregistered domain resolved, and registering that domain stopped new infections. Researchers have also produced decryption tools such as WannaKey and WanaKiwi, which retrieve the prime factors of the RSA key from the memory of the still-running malware process, plus utilities such as WannaSmile and procedures for various circumstances. The user must download the tool and run it on the infected machine, and it only works if the system has not been rebooted and the memory holding the key material has not been reallocated and overwritten by another process. Successors followed quickly: the EternalRocks worm chains several of the leaked NSA tools and has no kill-switch domain at all, and new families such as ThunderCrypt appeared. These are textbook cryptovirology, the field that studies how cryptography can be used to build powerful, malicious software.

Most experts advise against paying the ransom: there is no guarantee that the data will be unlocked, remain intact or be recovered even after the attackers' demands are met, and there is a further risk of the data being compromised, altered or misused. Some victims simply waited to see whether anything happened if they did not pay. Many organisations had their data on backup servers and so suffered little data loss.

The effect of these attacks is thought to be under-reported in quantitative terms in India, partly because of the widespread use of pirated and unlicensed software, especially by small and medium businesses. The risk to reputation, share price, market value and customer trust leads companies to handle such incidents internally, and Indian companies are not required to report cyber breaches. India is nevertheless believed to have been badly hit. Sectors affected include finance, banking, legal, hospitals, government agencies and universities, and with them the wider digital security ecosystem. Major ransomware infections were identified in Andhra Pradesh, Kolkata and Kerala. The government told all banks to update their ATMs, most of which run old Windows versions, and asked agencies such as UIDAI and RBI to secure their systems. Massive attacks of this kind have happened before, and new malware targeting routers, smartphones and even current Windows versions appears every month. The attack also had political repercussions in some countries. Downtime is a serious threat to businesses of all sizes, since even a few minutes can cause large losses. China's Computer Virus Emergency Response Center warned the public about UIWIX, a self-propagating ransomware that encrypts and renames files, although it is spreading slowly. It is too early to assess the actual impact.

Rumours are going viral on Facebook and other platforms, including posts claiming step-by-step methods to fight ransomware. One such story is that of a Taiwanese man whose system was reportedly unlocked free of charge after a ThunderCrypt infection because he told the attackers he could not afford the ransom on his salary. The publicity also encouraged local hackers to create chaos and fear even when their malware was not especially effective. Some people became alarmed when their computer behaved oddly because of a loose cable or a faulty keyboard, taking it as a sign of an imminent ransomware attack, and others became afraid to transact online or use ATMs. Riding on the news, many anti-virus companies, computer shops and local cyber businesses pushed updates and products to cash in on the opportunity, and some tried to deceive people.

Recently a breach was identified at Zomato, which some reports speculated was an aftermath of WannaCry. Security researchers found details of 17 million accounts up for sale on the dark web, which can be reached only with special software and search engines. The data includes email addresses, hashed passwords and similar user details. Zomato, which claims around 120 million visitors a month, played the incident down, describing it as an internal breach and stating that the hashed passwords are of no use to anyone. That claim deserves a caveat: stolen hashes can be cracked offline unless a slow, salted algorithm was used, which is exactly why the company also logged all users out across all devices and asked them to reset their passwords. In 2016, 3.2 million debit cards issued by SBI, ICICI, HDFC, Axis Bank and Yes Bank were compromised, and in 2015 Ola Cabs was reported to have suffered an attack that extracted user behaviour, card details and other data, although Ola denied it.

The episode also raised broader concerns. Bitcoin is not recognised as legal tender in India, which made people wary of using it to pay. The preparedness of Indian companies for attacks on this scale is questionable. And the NSA's loss of control over its own tools has been flagged as a serious alarm in its own right.

Infection becomes easy when organisational accounts are accessed from personal laptops or when anti-virus software is out of date, and when accounts are linked to many other accounts, private photos, addresses, dates of birth and more are put at stake. The first step in handling an attack is to identify which kind of ransomware you have been hit with. The typical types are scareware (rogue security software and tech-support scams delivered through pop-ups), screen lockers (which lock the user interface and deny access to the device) and encrypting ransomware (which encrypts the files on the system). To avoid becoming a victim: keep the operating system and security software fully patched, use licensed software, keep critical systems isolated from the rest of the network, and add further layers of security. Take backups regularly and keep the backup media physically disconnected from the computer once the backup is done, since ransomware will encrypt any attached drive it can reach. But how will an average Indian afford licensed software on their salary? Where will start-ups find such resources at the beginning of their business? The Union Information and Technology minister, Ravi Shankar Prasad, has said a cyber coordination centre will start next month. More planning is needed for cyber security: organisations must tighten their security guidelines and cyber policies, have business continuity plans in place, and train employees in security awareness. This is a wake-up call to use licensed software and to step away from pirated software. It has also given cyber security professionals more value in India and opened doors for new opportunities in cyber security R&D.
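The distinction above between encrypting ransomware and the other types rests on a behavioural signal that endpoint tools use in practice: many existing files rewritten in a short burst with high-entropy content under a new extension. The following is an added example, not code from the original post or from any product it mentions; it assumes a hypothetical endpoint agent that reports file writes as WriteEvent records, and the two sample event streams are constructed, not real telemetry.

```python
"""Behavioural detector for encrypting ransomware (added example).

Assumption (hypothetical): an endpoint agent delivers one WriteEvent per file
write, carrying the destination path, the bytes written and, when the write
replaced an existing file, that file's old path. Detection signal: many files
rewritten within a short window with near-random content under a new extension,
which is what an encrypting ransomware does and what editors and backup jobs do not.
"""
from __future__ import annotations

import math
import os
from collections import Counter, deque
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass
class WriteEvent:
    """One file-write notification from the (hypothetical) endpoint agent."""
    ts: float                       # seconds since epoch
    path: str                       # path the data was written to
    data: bytes                     # content written (the first few KB is enough)
    old_path: Optional[str] = None  # set when the write replaced an existing file


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for ciphertext or compressed data, ~4-5 for prose."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def extension_changed(ev: WriteEvent) -> bool:
    """True when an existing file was replaced and given a new extension
    (e.g. report.docx -> report.docx.locked), a hallmark of encrypting ransomware."""
    if ev.old_path is None:
        return False
    return os.path.splitext(ev.old_path)[1].lower() != os.path.splitext(ev.path)[1].lower()


def looks_like_encryption(ev: WriteEvent, entropy_threshold: float = 7.5) -> bool:
    """One suspicious write: existing file replaced by high-entropy content under a new extension."""
    return extension_changed(ev) and shannon_entropy(ev.data) >= entropy_threshold


class RansomwareDetector:
    """Fires when at least `min_hits` suspicious writes fall within `window_s` seconds.
    One user saving one encrypted archive is not an alert; a process rewriting
    dozens of documents in a few seconds is."""

    def __init__(self, window_s: float = 10.0, min_hits: int = 20, entropy_threshold: float = 7.5):
        self.window_s = window_s
        self.min_hits = min_hits
        self.entropy_threshold = entropy_threshold
        self._hits = deque()  # timestamps of recent suspicious writes

    def observe(self, ev: WriteEvent) -> bool:
        """Feed one event (events assumed in time order); True if the alert condition holds."""
        if looks_like_encryption(ev, self.entropy_threshold):
            self._hits.append(ev.ts)
        while self._hits and ev.ts - self._hits[0] > self.window_s:
            self._hits.popleft()  # forget hits that have aged out of the window
        return len(self._hits) >= self.min_hits

    def first_alert(self, events: Iterable[WriteEvent]) -> Optional[int]:
        """Index of the first event at which the alert fires, or None if it never does."""
        for i, ev in enumerate(events):
            if self.observe(ev):
                return i
        return None


# ---- constructed sample data (not real files or telemetry) ----
PLAINTEXT = b"Quarterly report: revenue grew modestly; see appendix for details.\n" * 16
CIPHERTEXT = bytes(range(256)) * 4   # every byte value equally often: entropy exactly 8.0


def benign_stream(n: int = 30) -> list[WriteEvent]:
    """A backup job writing new high-entropy .zip files plus an editor saving text in place."""
    events = []
    for i in range(n):
        events.append(WriteEvent(ts=float(i), path=f"/backup/set{i}.zip", data=CIPHERTEXT))
        events.append(WriteEvent(ts=float(i), path=f"/home/u/doc{i}.txt", data=PLAINTEXT,
                                 old_path=f"/home/u/doc{i}.txt"))
    return events


def ransomware_stream(n: int = 30, interval: float = 0.2) -> list[WriteEvent]:
    """Documents rewritten as ciphertext under a new extension, one every `interval` seconds."""
    return [WriteEvent(ts=i * interval, path=f"/home/u/doc{i}.docx.locked", data=CIPHERTEXT,
                       old_path=f"/home/u/doc{i}.docx") for i in range(n)]


if __name__ == "__main__":
    print("benign stream alert index:", RansomwareDetector().first_alert(benign_stream()))
    print("ransomware stream alert index:", RansomwareDetector().first_alert(ransomware_stream()))
```

The two conditions are deliberately combined: entropy alone would flag every backup archive and the rename alone every "Save As", whereas the pair within a tight time window is specific to bulk encryption. The window also means a slow trickle of suspicious writes (one per second against a 20-in-10-seconds threshold) never fires, which is the trade-off between false positives and a slower-moving attacker that a real deployment has to tune.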
