Since Friday, 12 May, the world has been hit by a massive cyberattack. It has affected 230,000 computers in 150 countries, leading to crises in hospitals, schools, government offices, and any industry that relied on computers – which is to say, all industries. The attack has been described by Europol, Europe’s police agency, as “unprecedented”, and it continues to affect computers around the world, with analysts warning about the possibility of renewed attacks in coming days.
What is the attack all about?
The attack involved “WannaCry”, a ransomware that targets Microsoft Windows operating systems. It exploited loopholes in older versions of Windows to send phishing emails to users. Phishing is a method to obtain sensitive personal information of users, like usernames, passwords, credit card details etc., by sending emails pretending to be from an official entity. When an unsuspecting user opens these emails and/or downloads the attached files, their information is compromised and their system is locked/encrypted.
Once the information is encrypted, a message on the screen says so and asks the user to pay USD 300 (in Bitcoin) if they wish to retrieve their data.
Phishing emails employ “worms” to spread the attack in a local network. If even one of the computers in a local network is compromised because of a phishing email, the worm spreads rapidly and automatically encrypts data in all computers in the network. This is why Friday’s attack spread so rapidly across the world.
Who is affected?
WannaCry swept across Europe and Asia quickly, locking up critical systems like the UK’s National Health Service (NHS), a large telecom in Spain, and other businesses and institutions around the world, all in record time.
How did the attack affect India?
India was among the worst-hit countries of Friday’s attack because many Indians still use Windows XP, the operating system whose loopholes were exploited by WannaCry. Presently, a critical alert has been sounded
News agency IANS reported that police computers across 18 units in Andhra Pradesh’s Chittoor, Krishna, Guntur, Visakhapatnam, and Srikakulam districts were affected. However, apart from that, there was no immediate information on the extent of the ransomware’s hold on Indian systems.
Gulshan Rai, chief of cyber security, said, “There are about a 100 systems attacked in India and as of now there are no more threats … We understand systems in Andhra Pradesh are impacted, but so far our assessment is that there isn’t much impact.”
Rai went on to add that a better understanding of the ransomware’s effect in India would only happen on Monday after offices open.
How was the attack contained?
Friday’s attack slowed after a researcher (known online as MalwareTech) accidentally found a kill switch to combat WannaCry’s spread. Had the kill switch not been discovered, the impact would inevitably have been far more catastrophic.
While this has given authorities time to patch and update systems and cyber-security, there is a high probability of other strains of WannaCry striking in the coming days, and these strains could be immune to the kill switch.
Who are the perpetrators?
It is still unclear as to who caused the attack. Europol stated that a massive international manhunt, a “complex international investigation”, was underway to locate the criminals.
Many commentators criticised the US National Security Agency (NSA) for having indirectly caused the attack. The NSA had prior knowledge of the Windows loophole that the hackers exploited on Friday, but the agency did not disclose it because it planned to exploit the loophole for its own benefit. This exploit, known as EternalBlue, was stolen by a group of hackers, who made it freely available in April. The perpetrators of Friday’s attack used EternalBlue to engineer the fast-spreading worm.
What can be done to be safe?
While the kill switch has slackened the attack, the threat persists. There is a lot that you can do to ensure that you don’t become a victim. Links for the same can be found here and here. Below are the salient points.
- Microsoft has issued a security patch for Windows XP and Windows 8, which you can download from the links on Microsoft’s blog.
- You can check if your computer has the necessary patch installed using this free tool which you can download from our German sister site PCWelt.
- Ensure that you have Windows Update enabled to be protected against WannaCry and any other attacks which use the same vulnerability.
- You should have at least one (if not two) copies of any files you can’t afford to lose. Photos, home videos, financial documents and other files that can’t be replaced should be backed up regularly. Ransomware is often clever enough to scan your home network and infect other computers and even network storage drives (NAS drives) so it’s really important to make a backup on an external hard drive that you disconnect and keep safely somewhere.
- Typically, emails from hackers won’t contain a personal message, or it will be so generic that you can’t be sure it’s really from the person in the ‘sender’ field. In WannaCry’s case, at least some of the emails pretended to be an important email from a bank about a money transfer. Either just delete the email, or call the sender and ask them if they sent the email and what is in the attachment, or on the other end of the link. Unless you are absolutely sure the attachment is safe, don’t click on it.
- Avoid downloading from websites that are not trustworthy, and avoid opening attachments from unsolicited e-mails.
- Update Antivirus on all your systems and download Microsoft’s latest software patches.
- While browsing, steer clear of unsafe websites and enable essential filters in your browser.
- Use security tools as recommended by trusted sites and the IT ministry for higher safety.
Microsoft said on Friday it would roll out the update to users of older operating systems “that no longer receive mainstream support”, such as Windows XP (which the NHS still largely uses), Windows 8, and Windows Server 2003.
Meanwhile, the NSA finds itself in the crosshairs, attacked by cybersecurity activists and government officials who opine that the agency has overreached in its power and influence. The NSA also finds itself at a crossroads, fighting to keep a balance between protecting computer systems and hacking them.