Tuesday, May 16, 2017

Cyber-attack alert! Who is responsible? What is WannaCry ransomware? How can it affect India?

WannaCry, a crypto-ransomware, also known as WannaCrypt, has affected over 1,00,000 computers spread over 100-150 countries, including India, on May 12.


Termed one of the biggest ransomware attacks the world has ever seen, the outbreak has laid bare the vulnerabilities of the digital era. Governments and experts are expecting the ransomware cyber-attack to worsen. The indiscriminate attack began on Friday and struck banks, hospitals and government agencies, exploiting known vulnerabilities in older Microsoft operating systems.
What is the attack about?
WannaCry, a crypto-ransomware that is also called WannaCrypt, affected at least 1,00,000 computers spread over 100-150 countries, including India, on Friday. The WanaCrypt0r 2.0 malware encrypts the data on a computer within seconds and displays a message asking the user to pay a ransom of $300 in Bitcoin to restore access to the device and the data on it. Even FedEx, European car factories, Spanish telecoms giant Telefonica, Britain’s health service and Germany’s Deutsche Bahn rail network have been hit. According to the on-screen message, payment is demanded within three days or the price is doubled, and if none is received within seven days the locked files will be deleted, agencies reported.
What is ransomware and how is it different from ‘virus’?
Ransomware is a type of malicious software designed to block access to a computer system until a demanded sum of money is paid. Malware in general can affect a computer in several ways, ranging from information theft to complete deletion of the data on the device. Ransomware, as the name suggests, does not let users access their own devices until a ransom is paid to its creator. It usually locks the computer, encrypts the data on it and prevents software and apps from running.
Who are responsible for this?
It is not yet known who is behind the attack. It is widely accepted that the hackers used the ‘EternalBlue’ hacking tool created by America’s National Security Agency (NSA). The NSA had used it to gain access to Microsoft Windows computers used by terrorist outfits and enemy states.
How was the attack under control? What could potentially have happened otherwise?
While experts from top nations were busy dealing with the malware, a 22-year-old from England ‘accidentally’ stopped the attack, reported The Guardian. According to the report, a researcher who identifies himself as MalwareTech and works for Kryptos Logic stopped the attack. He had discovered a hard-coded switch in the form of a nonsensical domain name that the malware checked before spreading. He bought the domain name for $10.69, and this triggered thousands of pings from affected devices, thus halting the ransomware and its spread.
If this had not been discovered, millions of computers worldwide could theoretically have been locked within a few days, affecting all kinds of services globally. Everything from schools to the government sector could come to a halt if such malware is not contained quickly.
Is India safe? Is your Aadhaar card safe?
The attack was specifically targeted at Microsoft Windows devices. Microsoft claims it “released a security update which addresses the vulnerability that these attacks are exploiting” in March itself, and advised users to update their systems in order to deploy the latest patches. However, Indian offices usually run Windows on their desktops, which leaves the data vulnerable. A lot of personal data online is now connected to the Aadhaar data of over a billion Indians. “Since the user’s bank account is linked with his Aadhaar number, the ransomware can potentially lock down the account and make it unusable unless a ransom is paid,” said Pradipto Chakrabarty, Regional Director, CompTIA India.
F-Secure highlighted the need for a four-phase approach to cyber security: predict, prevent, detect and respond, with detection achieved by monitoring infrastructure for signs of intrusion or suspicious behaviour.
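The kill-switch story above and F-Secure’s “detect” phase meet in one practical check: because every infected machine looked up the hard-coded domain before doing anything else, an organisation’s own DNS query logs reveal which hosts ran the malware. The script below is an added example written for this article, not code from MalwareTech, Kryptos Logic, F-Secure or Microsoft. The log line layout (timestamp, client IP, queried name, record type), the host addresses and the domain value are all constructed; the real kill-switch domain is not named on this page, so `KILL_SWITCH_DOMAIN` is a placeholder to be replaced with the value from a trusted advisory.

```python
"""Flag hosts that looked up the WannaCry kill-switch domain in DNS query logs.

Added example for this article. The log format, client addresses and the
domain value below are constructed; KILL_SWITCH_DOMAIN is a placeholder.
"""
import re
from collections import defaultdict

# Placeholder: substitute the real kill-switch domain from a trusted advisory.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample log in a simple "timestamp client qname qtype" layout
# (an assumed format, not any specific resolver's). Note the mixed-case
# lookup and the malformed line, both of which a naive grep would mishandle.
SAMPLE_LOG = """\
2017-05-12T10:01:03Z 10.0.4.17 killswitch-placeholder.example A
2017-05-12T10:01:04Z 10.0.4.17 killswitch-placeholder.example A
2017-05-12T10:01:09Z 10.0.9.2 intranet.corp.example A
2017-05-12T10:02:11Z 10.0.4.31 KILLSWITCH-PLACEHOLDER.EXAMPLE. A
2017-05-12T10:03:40Z 10.0.9.2 update.corp.example AAAA
malformed line that should be skipped
"""

# One record per line: timestamp, dotted-quad client, queried name, record type.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    return {key: match.group(key) for key in ("ts", "client", "qname", "qtype")}


def normalise(qname):
    """Canonicalise a DNS name: drop a trailing dot and ignore case."""
    return qname.rstrip(".").lower()


def find_kill_switch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client IP that queried `domain` to the timestamps of its lookups.

    A lookup of the kill-switch domain means the host executed the malware's
    pre-flight check, whether or not encryption followed, so every flagged
    host should be isolated from the network and examined.
    """
    target = normalise(domain)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue  # skip unparseable lines rather than crash mid-triage
        if normalise(record["qname"]) == target:
            hits[record["client"]].append(record["ts"])
    return dict(hits)


def summarise(hits):
    """Sorted (client, lookup_count, first_seen) triples for a triage report."""
    return sorted((ip, len(stamps), min(stamps)) for ip, stamps in hits.items())


if __name__ == "__main__":
    for ip, count, first in summarise(find_kill_switch_lookups(SAMPLE_LOG)):
        print(f"{ip}: {count} lookup(s), first seen {first}")
```

Run against the constructed sample, the report names two hosts (10.0.4.17 and 10.0.4.31) and ignores the workstation that only resolved internal names. The same loop works over a real resolver export once the regex is adjusted to that product’s line layout; the important design choice is normalising the queried name, since case and a trailing dot vary between resolvers and would otherwise hide a hit.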