India, though considered to be a target, has not yet reported major compromises
The WannaCry ransomware attack that hit computers across the world in the weekend, in what is being termed as one of the biggest global cyberattacks, has prompted the Indian government to issue advisories to government and business users on how to tackle the threat. The Indian Computer Emergency Response Team CERT-In conducted a webinar today morning to help the users cope with the threat.
The Ministry of Electronics Information Technology (MeitY) has specifically asked financial infrastructure stakeholders, such as the Reserve Bank of India and the National Payment Corporation of India and the national identity database manager, Unique dentification Authority of India (the issuer of Aaadhar) to ensure that digital payment in the country is not impacted. “MeitY is keeping a close watch on the developments on the ransomware and is working in close coordination with all relevant agencies,” it said in a statement.
While large scale compromises have still not been reported from India, some media reports say in Hyderabad, some police computers have been affected.
Among the most important organizational victims worldwide are:
- Spanish telecom firm, Telefonica
- Close to 20% of the hospitals which are part of the National Health Service (NHS), UK
- FedEx in USA
- Interior Ministry of Russia
- German national rail agency, Deustche Bahn
- Two of the factories, one each in France and Slovenia, of French carmaker, Renault
- Social Security system of Brazil
- Petrobras in Brazil
- Foreign Ministry in Brazil
- Some courts in Brazil
According to a statement from security vendor, Trend Micro, it does not appear to be targeting specific victims or industries.
WannaCry ransomware, experts say, is built by its creators using EternalBlue exploit, based on a tool developed by the US National Security Agency (NSA) to attack computers running Windows.
The ransomware displays a message that files have been encrypted, and demands a payment of around USD 300 in bitcoin within three days or USD 600 within seven days. There's a Twitter bot @actual_ransom that is tracking the payments based on WannaCry demand in real time. At the time of writing, it was about USD 50,000.
The three bitcoin wallets tied to #WannaCry ransomware have received 171 payments totaling 27.96968763 BTC (USD 47,510.71).
— actual ransom (@actual_ransom) May 15, 2017
On 14 March, Microsoft issued a patch for the vulnerability for supported systems (Windows Vista and later operating systems). However, earlier systems such as Windows XP as well as those who failed to apply the patch left many systems vulnerable.
This resulted in Microsoft taking the unusual step of releasing fixes for older systems like Windows XP. To be sure, Microsoft has enterprise agreements with many large users who still use older systems, to support their systems by releasing patches and updates for them. Now, Microsoft has released it for everyone, free of cost.
“This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind,” Microsoft said in a blog posted on its site.
European Cybercrime Centre (EC3), the cybercrime centre of Europol, the central police agency of EU, said in a statement that the attack “is at an unprecedented level and will require a complex international investigation to identify the culprits.”
UK-based Guardian newspaper reported that a 22-year-old UK-based researcher has found a solution. The researcher, identified as MalwareTech, found a way to stop the malware’s spread but warned that “This is not over. The attackers will realize how we stopped it, they’ll change the code and then they’ll start again.”
Consulting firms like KPMG and E&Y have released advisories on how to tackle the threat. Security software makers like Trend Micro, KasperskyLab and Symantec too have released dos and don’ts for organizations.
Here are the links to various advisories/statements: