Govt issues critical alert over ransomware
Updated: 15 May 2017, 04:04 AM IST
No major ransomware attack in India, but govt's cybersecurity arm CERT-In has asked RBI, BSE, NSE and NPCI to safeguard systems against the WannaCry virus
Mumbai/New Delhi: The government’s cybersecurity arm has asked the central bank, stock exchanges, the National Payments Corp. of India (NPCI) and other vital institutions to safeguard their systems against the latest cyberattack that has infected thousands of systems globally and may escalate further.
The Indian Computer Emergency Response Team (CERT-In), the central agency coordinating efforts on cyber security issues, has issued a “critical alert” and has advised the installation of relevant “patches” to protect against any data breaches.
The virus dubbed WannaCry, a so-called ransomware, has locked up more than 100,000 computers and sent cybersecurity experts scrambling on Sunday to patch computers and restore infected ones. Experts fear that the ransomware worm that stopped car factories, hospitals, shops and schools in more than 100 countries could wreak fresh havoc on Monday when employees log back on.
Indian officials, who declined to be named, said no major incident of cyberattack has been brought to the notice of CERT-In yet.
Even so, information security officers and senior executives in charge of running the information technology operations in Indian enterprises have been rushing to protect their computer systems against the attack.
Security experts in the country said that the full extent of damage to systems in India would become known when employees log into their systems on Monday morning.
“The number of systems being patched (which means a security plug-in is applied to prevent a loophole in software being exploited) in the past 48 to 72 hours in India is unprecedented,” said Burgess Cooper, partner, cybersecurity, at advisory and consulting firm EY India. He said some manufacturing and consumer goods companies in India may be impacted, though there were no confirmed reports at the time of going to press.
Ransomware typically locks users out of their own systems by forcibly encrypting their data, then asks them to pay a ransom (in the case of WannaCry, the ransom was demanded in bitcoin, a crypto-currency) if they want to access the encrypted data.
The country most affected by WannaCry is said to be the UK, where 48 of the 248 National Health Service trusts were impacted, causing widespread disruption to health services in the country.
Renault on Saturday said it had halted manufacturing at plants in Sandouville, France and Romania to prevent the spread of ransomware in its systems.
Among the other victims is a Nissan car plant in Sunderland, northeast England.
The WannaCry malware, according to CERT-In, spreads “by using a vulnerability in implementations of Server Message Block” in systems running Microsoft’s Windows operating system.
Microsoft released patches last month and on Friday to fix the vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.
Code for exploiting that bug, which is known as “Eternal Blue”, was released on the internet in March by a hacking group known as the Shadow Brokers.
The group claimed it was stolen from a repository of the US National Security Agency (NSA)’s hacking tools. The agency has not responded to requests for comment.
Though the spread of the virus has slowed, cybersecurity experts warned that the respite may be brief as new versions of the worm were expected.
Bringing the situation under control has been attributed to a 22-year-old UK researcher who went by the name of MalwareTech.
According to a report on Forbes.com, the researcher is said to have noted that one of the web domains used by the attackers hadn’t been registered. So he registered the site, took control of the domain for $10.69 and started seeing connections from infected victims, which enabled him to track the ransomware’s spread. This accidentally stopped the malware—at least in the UK.