WannaCry attack: 70% of the ATMs in India are particularly vulnerable to ransomware

The WannaCry ransomware is spreading like wildfire across the world, taking down organisations, institutions and critical infrastructure. Public health services in the UK, railways in Germany, automobile manufacturers in France, government ministries in Russia and telecom service providers in Spain have all been affected by the malware. In India, the Computer Emergency Response Team of India (CERT-In) has issued a critical alert over the ransomware, which has found its way to some of the computers used by Andhra Pradesh Police.

The ransomware apparently uses zero-day exploits hoarded by the National Security Agency (NSA), which a hacker collective known as the Shadow Brokers claims to have obtained from a secret NSA server. The Shadow Brokers tried to auction the exploits and tools, but did not receive any serious bids, and then publicly released the exploits for free. One of the leaked exploits was known as EternalBlue. The WannaCry ransomware uses the EternalBlue exploit, along with the DoublePulsar backdoor, to compromise the data on a system. The malware is also a worm that can spread over local area networks. The attackers are demanding a bitcoin payment to allow users to access their files.


Microsoft had already released a fix for the vulnerability before the ransomware began to spread. However, system administrators around the world may not have updated their machines with the latest security patches. Older systems, particularly those running the ancient Windows XP operating system, first released in 2001, have been found to be a soft target for the ransomware. Microsoft has slammed the NSA for not revealing the security hole to the company.

According to a report in ZeroHedge, ATMs in China are being affected by the ransomware. The ATMs have been taken offline, and those who come to withdraw money see a window showing that the files on the system have been encrypted, along with a demand for a bitcoin payment.

India is particularly vulnerable to the same kind of attack. In February, Finance Minister Arun Jaitley indicated that over 70 percent of the ATMs in the country are run using the outdated Windows XP operating system. The machines have not been supported officially since 2014, but some banks are believed to have negotiated private contracts for support. Microsoft has patched the older versions of the operating system as well, considering the number of people who could be affected. Microsoft had warned that the older ATM machines would be particularly vulnerable to exploitation. However, the EternalBlue vulnerability also affects newer systems that have not been patched, including Windows 8 and Windows 10.

Experts had warned that the ATMs using outdated technologies are particularly vulnerable to malicious cyber attacks in India, following the demonetisation of high value currency notes which saw long queues outside ATMs. "We have seen a big focus on ATM attacks in the Asia-Pacific (APAC) region, including India. ATMs in underdeveloped countries are particularly vulnerable as those countries still have old ATM software and are running Windows XP. This makes them the perfect target for an easier score," US-based cyber security company FireEye has said.

The full extent of the damage caused by the ransomware is not yet known, and businesses around the world are scrambling to bolster their defenses. Europol has estimated that some 200,000 machines have been affected in over 150 countries. The CERT-In advisory is accompanied by steps that can be taken to prevent infection, and the Microsoft Security Bulletin MS17-010 contains additional details on which systems are affected and how to fix the security holes.

Updated Date: May 15, 2017 18:24:09 IST