World’s Biggest Cyber Attack in News

Over the weekend, a virus infected thousands of computers around the world, locking up their data until a ransom was paid. Experts believe the virus uses tools stolen from the NSA to infect computers running the Microsoft Windows operating system.

The virus has been running wild across Europe and Asia. The virus infected some 200,000 computer systems in 150 countries in a single weekend.

WannaCry – also known as WCry, WannaCrypt, or Wana Decryptor – spread like wildfire over the next three days.


The virus was tailored to work across the globe, with ransom messages in dozens of different languages.

WannaCry is a ransomware virus. The primary objective of this viral infection is to encrypt all of the data on targeted systems, rendering the data inaccessible until the owner pays a ransom to the hackers. The ransom is generally paid with an untraceable digital “crypto-currency” like Bitcoin. Once payment is received, the hackers give their victim a code that will unlock their hijacked data.

This type of attack is known as “ransomware,” and it has been alarmingly successful over the past few years. Ransomware virus packages are sold in secret “dark web” marketplaces for a pittance. Some are available for less than the price of a video game.

Virus creators hawk their wares to hacker customers with promises of easy setup, adaptability, and sure-fire income from blackmail victims.

Some of the more alarming estimates say ransomware infections are growing at a rate of 36 percent per year, with over 100 different strains of ransom virus currently active on the Internet. WannaCry is, by nearly universal acclamation, the largest ransomware heist ever recorded.

An emergency security update was made available for Windows XP, Windows 8, and Windows Server 2003 users. Over a million computers around the world are said to remain vulnerable to the virus.

Britain’s National Health System was among the biggest victims, because the NHS still runs Windows XP on many of its computers. Other notable victims of the attack included automaker Renault in France, Spanish telecommunications firm Telefonica, German railway operator Deutsche Bahn (whose passengers snapped photos of arrival and departure screens displaying the ransom message), Russia’s Interior Ministry, Russia’s state-owned Sberbank financial group, and FedEx in the United States.

Microsoft released patches to fix a vulnerability that allowed the worm to spread across networks.

Code for exploiting that bug, known as “Eternal Blue”, was released on the internet in March by a hacking group known as the Shadow Brokers.

Indian Response:

No major incident of the ransomware attack has been reported from India. Meanwhile, some ATMs across the country are facing a shutdown after the malware attack. The Reserve Bank of India has issued guidelines to banks to update the Windows software on which ATMs run, as the ransomware could have affected Windows.

Government officials said critical networks across sectors like banking, telecom, power and aviation are on high alert to ensure that systems are protected against the reported cyber-attack on India’s vital networks by the crippling global ransomware, ‘WannaCry’.

India’s cyber security agency, the Computer Emergency Response Team of India (CERT-In), has issued a red-coloured ‘critical alert’ in connection with the WannaCry attack, and warned users not to pay the ransom.

CERT-In has suggested some anti-ransomware measures:

Regularly check the integrity of the information stored in databases. Regularly check the contents of database backup files for any unauthorised encrypted data records. Do not open attachments in unsolicited emails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited email, even if the link seems benign.

In the case of genuine URLs (uniform resource locators), close the email and go to the organisation’s website directly through the browser.

The most important advisory from CERT-In stated that individuals or organisations are not encouraged to pay the ransom, as this does not guarantee files will be released.

Report such instances of fraud to CERT-In and law enforcement agencies.
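One way to carry out the integrity and backup checks recommended above, shown as an added example rather than anything published by CERT-In: a script that records a baseline of hashes and byte entropy for a backup directory and later flags files that changed, disappeared, or now look encrypted. The 7.5 bits-per-byte threshold, the file names and the sample data are assumptions constructed for this illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits per byte; assumed threshold, tune for your own data

def shannon_entropy(data):
    """Bits per byte: near 8.0 for encrypted or compressed content, lower for text."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def snapshot(root):
    """Map each file under root to (SHA-256, entropy); store the result offline."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()  # whole-file read; hash in chunks for large backups
            rel = os.path.relpath(path, root)
            manifest[rel] = (hashlib.sha256(data).hexdigest(), shannon_entropy(data))
    return manifest

def audit(baseline, current):
    """Compare two snapshots and classify every discrepancy."""
    findings = {rel: "unexpected new file" for rel in current.keys() - baseline.keys()}
    for rel, (old_hash, old_entropy) in baseline.items():
        new_hash, new_entropy = current.get(rel, (None, 0.0))
        if new_hash is None:
            findings[rel] = "missing"  # deleted, or renamed with a new extension
        elif new_hash != old_hash:
            jumped = new_entropy >= ENTROPY_LIMIT > old_entropy
            findings[rel] = "possibly encrypted" if jumped else "modified"
    return findings

def demo():
    """Constructed sample: a tiny 'backup' where one file is replaced by random bytes."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("customers.csv", "orders.csv"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("id,name,amount\n" + "42,example,10.00\n" * 500)
        baseline = snapshot(root)
        with open(os.path.join(root, "orders.csv"), "wb") as fh:
            fh.write(os.urandom(8192))   # stands in for unauthorised encryption
        with open(os.path.join(root, "customers.csv"), "a") as fh:
            fh.write("43,other,5.00\n")  # an ordinary, legitimate edit
        return audit(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Backups that are already compressed or encrypted have high entropy in the baseline, so for those files only the hash comparison is meaningful.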