By now everyone knows about the WannaCry ransomware that attacked networks worldwide.
Everyone is now concerned about whom it targets and whether their own computer is exposed to the ransomware attack. Many also want to know whether WannaCry is a virus and whether a patch is needed for it.
CERT-In India has issued a red alert about WannaCry, or WannaCrypt, in an advisory.
WannaCry is a ransomware program targeting Microsoft’s Windows operating system. Ransomware is a kind of cyber-attack where hackers can take control of your computer, and keep you from using it or accessing your data until you make a payment to the hackers. If you don’t, they can even delete everything.
On Friday, a large-scale cyber-attack was launched, affecting computers in 150 countries, and in less than a day, researchers observed 57,000 infections.
The hackers demanded payments of $300 to $600 (roughly Rs. 19,000 and Rs. 38,000) which were to be paid using Bitcoins. The British NHS, international shipper FedEx, telecommunications company Telefonica and others were among the targets.
In India, computers at Andhra Pradesh’s police departments were hacked. Computers in 18 police units in Chittoor, Krishna, Guntur, Visakhapatnam and Srikakulam districts were affected.
R Jaya Lakshmi, Superintendent of Police, Tirupati Urban, said the ‘ransomware’ encrypted data in some police stations, adding that they were not able to access data and hackers were demanding ransom in Bitcoins to restore access.
India’s digital security agency, CERT-In, has issued a red alert and advised users and organisations to apply patches to Windows. It added that WannaCry was targeting common file extensions such as PPT, DOC, and TIFF, along with media files such as MP4 and MKV files. CERT-In is also holding a webcast on Monday at 11am on preventing the WannaCry ransomware threat.
According to a report, enterprises in Mumbai, Hyderabad, Bengaluru, and Chennai have been affected. Two South Indian banks are also reportedly affected, and possibly also Renault in Chennai, the report noted.
The IT ministry has also reached out to agencies such as the RBI, the NPCI, and UIDAI to warn them about the risks associated with WannaCry and to help secure their systems, in order to make sure that digital payments in India are not affected, according to a report.
The ministry has also reached out to ISPs, alerting them to secure their networks, and it has also reached out to Microsoft India to inform all its partners and customers to apply the relevant patches. “The impact has been somewhat contained in India because of the weekend. However, one will have to watch the situation as people return to work tomorrow and access their computers,” Kaspersky Lab Head for South Asia Region Altaf Halde said.
The hackers likely made WannaCry using a piece of NSA code released last month by a hacking group known as the Shadow Brokers, according to security researchers. The Shadow Brokers released EternalBlue as part of a trove of hacking tools that they said belonged to the US spy agency.
The attack has crippled more than 200,000 computers, and struck banks, hospitals, and government agencies. All this took place over the weekend – the number of affected users is expected to grow now that the work week has begun, and people start logging into their devices.
Brad Smith, Microsoft’s president and chief legal officer, said in a blog post Sunday that it was in fact the NSA that developed the code being used in the attack. He warned governments against stockpiling such vulnerabilities and said instead they should report them to manufacturers – not sell, store or exploit them, lest they fall into the wrong hands.
Infected computers appear to largely be out-of-date devices that organisations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too difficult to patch without possibly disrupting crucial operations, security experts said.
Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.