Computer systems of 18 Andhra Pradesh police units are among the hundreds in India hit by the WannaCry ransomware attack, which started on May 12 and is estimated to have affected more than 200,000 computer systems across 150 countries so far. Ransomware is a type of malicious software designed to block access to computer systems until some money is paid. The malware is usually transmitted through e-mail and prevents access by encrypting the targeted system’s data. The ransom is demanded in the virtual currency Bitcoin, which the Reserve Bank of India does not recognize as an authorized mode of exchange.
Cyber security experts said, “Since 2015, ransomware malware attacks have become rampant in India and are finding victims in a wide range of industries, from pharmaceuticals to hospitality and banking to information technology.”
The latest ransomware attack affected computers at private companies in Hyderabad, Mumbai, Bangalore and other cities. The Andhra Pradesh police were the first government agency to report being affected. It has since emerged that the Gujarat State Wide Area Network and customer care centers of the West Bengal Electricity Distribution Company Limited were also affected.
WannaCry is not the first ransomware experience for government agencies in India, as two such attacks have been reported in the last two years. In January 2017, three servers in the Delhi office of the Quality Council of India, an accreditation group set up jointly by Indian industry associations and the central government, were attacked by Cerber ransomware. It took cyber security experts nearly 36 hours to unblock the system with the help of decryption applications. No ransom had to be paid, said a cybersecurity expert who was involved in the operation.
Kislay Chaudhary, a cybersecurity consultant with the central government, said: “Using decryption applications to unblock the ransomware-infected computers is easier said than done. There are numerous decryption applications available on the internet, and each has a particular purpose. So the operation is inherently hit-and-miss. If all the available applications fail to decrypt the data, the only option left is to wait for the development of the malicious software’s kill switch to unblock the computer.”
In May 2016, Locky ransomware affected the computer systems of Maharashtra’s revenue and public works departments.
“It is not that government agencies are more vulnerable to these attacks; the most vulnerable are private or independent servers and customized mailboxes, which fail to spam emails with malware attachments, often because of lack of expense in making the computer systems safe enough, and inadequate research and development.”
Pavan Duggal, an advocate in cyber security law, said: “Most of the ransomware attacks were unreported, and India is no exception to that. Top information technology companies, banks and even government agencies in the country have witnessed such attacks in the last three years. But most of these attacks were local and isolated in nature. A mass attack like WannaCry is unprecedented.”
Further, he added: “India must urgently establish a cyber security law and improve the Information Technology Act to make cyber attacks criminal offenses and certainly chalk out the roles and responsibilities, accountability and liabilities of internet service providers and intermediary agencies in case of such crimes.”
A Jharkhand-based cyber security non-profit, Cyber Peace Foundation, has invested in a project called “Honey Net” to fight these kinds of cyber attacks. Under this project, the organization has set up intentionally vulnerable computer networks in 10 states, including Gujarat, Jharkhand, Andhra Pradesh and Karnataka, to invite cyber attacks and analyze their nature. They recorded a significant trend a day before the global cyber attack of May 12.
Vineet Kumar, the founder of the NGO, said:
“The system, which usually endures 147 cyber attack attempts per day on average, endured around 9,000 attacks on Thursday, and they have received requests to deal with 15 WannaCry infections. These clients include private businesses, academic institutes, and government companies.”
PTI reported: “In the wake of the WannaCry Ransomware attack, the Indian government’s Computer Emergency Response Team issued a critical alert. They also issued an advisory while the Ministry of Information Technology reached out to key stakeholders such as the Reserve Bank of India, National Informatics Centre, National Payments Corporation of India, and Unique Identification Authority of India. They advised them to protect their systems against WannaCry and ensure the protection of the digital payments ecosystem in the country.” The RBI, in turn, urged banks to shut down their ATM systems until the ATMs received the Windows software update that protects against the ransomware.
Chaudhary said: “ATM operations are usually outsourced to third parties, and it is shocking that more than 70% of the ATM network in India operates on Windows XP. Microsoft has discontinued issuing update patches for Windows XP, though the case of WannaCry is exceptional because they had released applications on receipt of prior input about a desirable leak. But most users, including government agencies, are often reluctant to install the update files.”
He also added: “Indian banks have witnessed several malware attacks in the past, but surprisingly many of them are yet to take adequate measures for protection.”