Even criminals have gone digital now. The old habit of kidnapping people and sending ransom notes with words cut out of newspaper headlines is passé. These days, cyber criminals send you an email with a link. Click it and all hell breaks loose: your files (documents, spreadsheets, photos etc) get encrypted and locked. You just won’t be able to open them, unless you pay the ransom. Payment is demanded in Bitcoin cryptocurrency. After 72 hours, the $300 ransom doubles. After seven days your files are permanently locked. The world got a taste of that when a nasty malware called WannaCry struck computers running older versions of the Windows operating system around the world (and left millions in tears). This malware attack was first reported on May 12.
Since the attack began, more than 200,000 computers in 150 countries were infected. Computers that run older versions of the Windows operating system, such as Windows XP, were hit first. Even those computers for which the security updates or patches were not applied have been affected.
Hackers find vulnerabilities in operating systems and try to exploit those vulnerabilities by tricking users into downloading malware or malicious code. Once the code is installed on the machine it takes control and does whatever the hacker intended. In the case of ransomware, it encrypts and locks files.
To counter this, Microsoft regularly issues updates for its operating system but it is up to users to download those updates and security patches.
Microsoft stopped support for Windows XP and hence no security patches were released since April 2014 (with the exception of one emergency patch released in May 2014). However, the day after the outbreak Microsoft released an emergency security patch for Windows XP.
So what has been the impact of WannaCry on Indian companies?
Sharda Tickoo, Technical Head, Trend Micro, India said India is the “worst hit” in the APAC region.
“This malware is different as it is trying to exploit legacy systems. In India we still have many machines running on legacy operating systems like Windows XP and Windows (Server) 2003,” said Tickoo.
Nicolas Drogou, Head, Security Practice, Asia Pacific, Orange Business Services informed us what he observed in Singapore.
"Singapore has experienced recent serious security
incidents affecting public institutions. The defense sector was hit with a
breach that stole credentials of military personal completing their National
Service. More recently, the research facility of the NUS (National
University of Singapore) was also compromised," said Drogou . "However, none of these two
incidents were linked to WannaCry which was yet another incident which to my
knowledge affected companies at a global level especially in Asia. This brings
us to a point and realization that states which are known to be prepared for
cyber threats can also be subjected to such incidents which perfectly
illustrates the mantra that is: It’s not if, but when."
Experts say the best way to protect yourself from WannaCry is to take a multi-pronged approach: make backups, patch software, upgrade to the latest operating system and isolate infected systems.
It was widely speculated that ATM machines running on legacy operating systems would be the next target. In response, some Indian banks refrained from refilling their ATMs, inconveniencing millions of customers across the country.
Electronic payments and online transactions in India dipped following the outbreak of WannaCry. This impacted the e-commerce industry and services/utilities companies.
But even other industries could be impacted. The airline industry, for instance, notoriously holds on to legacy infrastructure. The most visible sign of this are the display information screens at airports, which run on Windows XP.
Some hospitals also use equipment with outdated software. If WannaCry strikes there, it could lock up files with electronic healthcare records. Lives are at stake here.
Samir Shah, CEO Aurionpro said, “In most hospitals, on average, 11 per cent have equipment that run older versions of Windows. For them patching end-points is not a regular routine, as you would see in say, the banking industry.”
Imagine the chaos at airports, railway stations and hospitals if WannaCry strikes there.
Can we expect something worse than WannaCry in the near future?
According to Anmol Singh, Principal Research Analyst, Gartner, WannaCry was “amateurish”.
“When the same toolkit is now available to more advanced hackers, we should expect and be prepared for more sophisticated attacks. There is evidence that hackers have been able to override the kill-switch and create newer variants of the malware (WannaCry 2.0) by modifying source-code so as to ensure they are free of any kill-switches making them less likely to be detected and killed easily. There are several other attacks associated with the underlying SMB vulnerability in older Windows OS versions that could be exploited to implant backdoors and malwares. Since the toolkit from NSA works at OS thread level which is pretty cutting-edge, newer variants of malware could go undetected by most endpoint security tools,” said Singh.
Well, it sounds like this is just the tip of the iceberg, and we should be prepared for the worst.
Makes you “wanna cry,” no?