Despite government statements to the contrary, it appears that the spread of the WannaCry ransomware in India is much wider than initially reported. That said, the government’s response to the attack appears to have been swift.
The WannaCry ransomware attack appeared on the global scene on Friday (12 May) and spent the weekend infecting hundreds of thousands of computers. As a consequence of the attack, essential government infrastructure in the UK and Spain, not to mention similar institutions in China, Russia and 150 other countries, was taken down.
The malware, which spreads via a leaked NSA exploit that affects unpatched versions of the Microsoft Windows operating system (Windows 7 and XP in particular), encrypts user data and demands a $300 (around Rs 19,000) ransom in Bitcoin.
While much of the western world reeled under the attack, India appeared to be puzzlingly unaffected. After all, India is the world’s third largest user of unlicensed software, especially Windows.
We decided to dig a bit deeper and spoke to some cyber security analysts and firms regarding the issue.
As it turns out, our suspicions weren’t unfounded. A report by Kaspersky Lab, which was confirmed by a cyber-security analyst from Gartner, suggests that India is the third-largest source of WannaCry ransomware attacks.
Altaf Halde, Managing Director – South Asia, Kaspersky Lab, tells us that the number of reported attacks in India is very low because there is no public disclosure platform for cyber attacks.
Rajpreet Kaur, a cyber-security analyst for Gartner, tells us the same thing. She says, “In India, it is not mandatory to report these attacks and so, we’re not sure how many users are impacted.”
Halde and Kaur both confirm, however, that India is infected with WannaCry and on a much larger scale than reported.
A report in The Economic Times suggests that the number of infected computers in India exceeds 45,000. The same report points to a number of Indian companies and individuals that have been impacted by the malware. Manan Shah of Avalance Global Solutions told ET that manufacturing companies have been badly hit.
Kaur tells us that the primary sources of WannaCry attacks are Russia, Ukraine and India. She adds that Ukraine and India are particularly vulnerable because cyber-security awareness is relatively low. Halde again points out that India still relies upon a large number of outdated computer systems.
Interestingly, Halde praises the Indian government’s response to the attack. He claims that this is the first time in his experience that he’s seen such a rapid response to a cyber-security threat in the country. CERT-In (Computer Emergency Response Team) was quick to issue a critical alert and an advisory on the issue. A webinar on the issue was also held.
Kaspersky Lab’s research suggests that the incidence of attacks is dying down. Halde tells us that while India is still the third-largest source of WannaCry attacks, quick response over the weekend helped mitigate the damage. Banks and other institutions had the time to update their systems.
Speaking of banks, Kaur does suggest that there is some confusion on that front. She says that there are no clear instructions yet on dealing with the issue, which is a problem as 70 percent of India’s ATMs run on the 15-year-old Windows XP operating system. However, she believes that some banks have proactively taken steps to update their systems anyway, which should be enough to prevent WannaCry infections.
On a side note, Kaspersky Lab’s investigations lead them to believe that the hack originated from the Lazarus Group, a group of hackers responsible for the $81 million Bangladesh bank heist and the Sony hacks. This hasn't been confirmed, of course. The investigations are still under way.
The report adds that some of the IP addresses involved in the attack originated in North Korea, though that doesn't necessarily mean that North Korea was the originator of the attacks.
Published Date: May 17, 2017 08:23 AM | Updated Date: May 17, 2017 08:23 AM