Ransomware: The limited impact of WannaCry in India is surprising, but it's no reason to get complacent

The ransomware popularly known as WannaCry is **already a global phenomenon** . Within just a few short days, the malware has infected well over 200,000 computers globally, affected hundreds of companies and hampered the working of essential services. Strangely enough, the impact of the malware in India appears to be minimal, compared to worldwide reports anyway. In fact, Union IT minister Ravi Shankar Prasad went on record to state that the malware had ‘nearly zero’ impact on India. The only reports we’ve seen so far suggest that a handful of police computers in Visakhapatnam, some computers at a village panchayat in Kerala and a manufacturing facility in Tamil Nadu were impacted. This is a far cry from reports of educational institutions in China, the UK’s National Health Service (NHS) and essential infrastructure in Spain being shut down. The malware spreads via a leaked NSA (National Security Agency) exploit that targets earlier versions of the Microsoft Windows operating system. This includes Windows 7, Windows Server 2008 and Windows XP. Windows 10 is unaffected by the exploit. While Microsoft did issue patches for the exploit in March this year, the scale of WannaCry’s impact is proof enough that PCs weren’t updated in time. Data on infected computers is encrypted (locked) by the WannaCry malware and the hackers then demand a payment of $300 (around Rs 19,000) to unlock the files. While it’s doing this, the malware actively uses the NSA exploit to infect more computers on the network. Given its design, the malware is particularly effective against businesses and large computer networks. This includes ATMs (automated teller machines), hospital networks, computers at essential utilities, etc. As Burgess Cooper, Partner — Cyber Security at EY, explains, “The traditional manufacturing sector relies on outdated IT systems that are run by unsupported operating systems and therefore, the risk of creating havoc to public is higher.” A report from cyber security company F-Secure suggests that Russia and China were the biggest victims of the attack. F-Secure chalks these countries’ vulnerability up to the fact that many computers in these countries run pirated versions of Windows, which aren’t upgraded frequently. This is a problem because India is third only to Russia and China in the percentage of computers running pirated software. 70 percent of Chinese computers use unlicensed software, the Russian figure stands at 64 percent and India’s at 58 percent. Given this data, it’s certainly surprising that India’s reported infection rate is so low. It’s possible that the government’s push for Digital India and to secure government networks in the wake of the recent, large-scale Aadhaar data leaks has inadvertently secured many governmental agencies against infection. It’s also possible that the malware, which appears to have initially targeted Europe, took some time coming to India, giving India time to take precautionary measures. Of course, as Sanjay Pandey , an IPS (Indian Police Service) officer who is also a Certified Information System Security Professional (CISSP) puts it, “The absence of any reports from India may not be a reason to cheer, however. Many, due to obvious reasons, may not be reporting and may be silently paying the criminals to unlock ransomed files.” EY’s Cooper further adds, “In my opinion, a majority of Indian hospitals are quite vulnerable to critical infrastructure attacks as they rely on industrial systems that are run by old outdated hardware. Despite investments in high-end security products, the cyber-breach prevention, detection and incident-response capabilities of most organizations are yet to mature in India.” India’s CERT-in (Computer Emergency Response Team) **has already issued a red alert** for the malware. More recently, it appears that the Maharashtra government has also set up a cyber security helpline to handle queries related to the infection. Despite initial reports, India is still extremely vulnerable to WannaCry. Till the threat is nullified, do ensure that your computers are fully updated at all times. A third-party antivirus solution will help, but it’s not necessary to prevent WannaCry. Detailed instructions on securing your PC against WannaCry are available here.