The recent global cyber attack had serious consequences for many industries around the world. Meanwhile, in India, people with a lot of time on their hands fabricated messages and circulated them on social media, such as “ATMs will not be available for two days” and “Install this software if you don’t want your phone to be attacked by malware”.
But the cyber cell in India did a good job of informing people about the issue and how to safeguard against it by sending out documents with instructions.
Though operations in several organisations, from banking to insurance, manufacturing, retail and IT services, were affected, the damage wasn’t substantial and the impact wasn’t as large as expected.
So let’s go into detail about this global attack. The attack started on Friday, 12 May 2017 and has been described as unprecedented in scale, infecting more than 230,000 computers in over 150 countries. Before we look at how it was done, we must first know that the type of malware used was ransomware.
So what is ransomware?
Ransomware is malicious software that encrypts files and locks a device, such as a computer, tablet or smartphone, and then demands a ransom to unlock it. Recently, a dangerous ransomware named ‘WannaCry’ has been affecting computers worldwide, creating the biggest ransomware attack the world has ever seen. It has affected computers in India as well.
What is WannaCry Ransomware?
WannaCry ransomware attacks Windows-based machines. It also goes by the names WannaCrypt, WannaCry, WanaCrypt0r, WCrypt and WCRY. It leverages an SMB exploit for Windows machines called EternalBlue to attack a machine and inject the malware. All versions of Windows before Windows 10 are vulnerable to this attack if not patched for MS17-010. After a system is infected, the malware encrypts the files and shows a pop-up with a countdown and instructions on how to pay $300 in bitcoins to decrypt and get back the original files. If the ransom is not paid in 3 days, the ransom amount increases to $600 and the malware threatens to wipe all of the user’s data. It also installs the DOUBLEPULSAR backdoor on the machine.
How does it spread?
It uses EternalBlue (MS17-010) to propagate. The ransomware spreads when users click on links and download malicious files over the internet and email. It is also capable of automatically spreading itself within a network by means of a vulnerability in Windows SMB. It scans the network for specific ports, searches for the vulnerability and then exploits it to inject the malware into the new machine, and thus it spreads widely across the network.
What’s the Impact in India?
“Informally minor instances have been reported but they are like a drop in the ocean,” said Aruna Sundararajan, secretary, ministry of electronics and IT. Apart from the isolated incident at the Andhra Police, where 18 computers were affected, the government has not received any reports of major attacks, according to the secretary.
Meanwhile, cybersecurity experts estimate that in the last 24 hours, the virus, reports of which first came on Friday from Europe, has affected operations in several Indian organisations from banking to insurance, manufacturing, retail, IT services, automotive companies, small retail shops and two of the country’s largest BPOs.
Corporate houses urged employees to back up their data and refrain from opening unfamiliar file attachments. “We are also urging all Windows users to install software upgrades and firewalls,” said the IT head of a media group.
What can you do to prevent infection?
- Microsoft has released the Windows security patch MS17-010 for Windows machines. It needs to be applied immediately.
- Remove Windows NT4, Windows 2000 and Windows XP-2003 from production environments.
- Block ports 139, 445 and 3389 in the firewall.
- Avoid clicking on links or opening attachments or emails from people you don’t know or companies you don’t do business with.
- SMB is enabled by default on Windows. Disable the SMB service on the machine by going to Settings > uncheck the settings > OK.
- Make sure your software is up-to-date.
- Have a pop-up blocker running on your web browser.
- Regularly backup your files.
- Install a good antivirus and a good anti-ransomware product for better security.
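
The SMB, port and patching items in the list above can be checked on a single Windows host with the PowerShell script below. It is an added example, not part of the original article; the `-Remediate` switch and the firewall rule name are assumptions made for illustration.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell
# session on Windows 8 / Server 2012 or later.
param(
    [switch]$Remediate   # hypothetical switch: change settings only when given
)

$ports = 139, 445, 3389   # the ports named in the list above

# Is the SMBv1 server protocol (the one EternalBlue targets) still enabled?
$smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

# Which of those ports does this host actually listen on?
$listening = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $ports -contains $_.LocalPort } |
    Select-Object -ExpandProperty LocalPort -Unique | Sort-Object)

# When was an update last installed? A stale date suggests missing patches.
$lastUpdate = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1

# Report the findings as one object so they can be exported or compared.
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    SMB1Enabled    = $smb1Enabled
    ListeningPorts = $listening -join ', '
    LastUpdateId   = $lastUpdate.HotFixID
    LastUpdateDate = $lastUpdate.InstalledOn
}

if ($Remediate) {
    # Turn off the SMBv1 server; SMBv2/3 file sharing keeps working.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

    # Block inbound traffic to the three ports. This also cuts off file sharing
    # and Remote Desktop to this host, so skip it on servers that provide them.
    New-NetFirewallRule -DisplayName 'Block inbound 139/445/3389 (example)' `
        -Direction Inbound -Protocol TCP -LocalPort $ports -Action Block | Out-Null
}
```

Run without arguments, the script only reports; the date of the last installed update is a rough indicator and does not by itself confirm that MS17-010 is present.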