There is a good chance that you have already heard about the WannaCry ransomware. If you are wondering what’s going on, and whether your computer is secure, here is some information we gathered. CERT-In India has issued a red alert about WannaCry, or WannaCrypt, in an advisory.
What Is WannaCry
WannaCry is a ransomware program targeting Microsoft’s Windows operating system. Ransomware is a kind of cyber-attack where hackers can take control of your computer, and keep you from using it or accessing your data until you make a payment to the hackers. If you don’t, they can even delete everything.
The malware spreads as a worm — scanning other computers linked to any machine or system it infects for the same defect and leaping onto them — through a vulnerability in Microsoft systems, particularly on outdated software like Windows XP or Windows Server 2003.
It locks computer systems and demands $300 to $600 in Bitcoin. It hit over 200,000 computers on Friday, and the impact continued to be felt across the weekend. Around £33,000 in ransoms have been paid to date, according to analysis of Bitcoin wallets.
The WannaCry cyber-attacks are claimed to have been created using a leaked hacking tool developed by the NSA (National Security Agency, USA). The malware tricked victims into opening malicious attachments sent through spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.
The attack has spread across 150 countries but appears to be slowing down, with few reports of fresh attacks in Asia and Europe on Monday.
Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries with Russia, Ukraine and Taiwan the top targets. The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers.
International shipper FedEx Corp said some of its Windows computers were also infected. “We are implementing remediation steps as quickly as possible,” it said in a statement. Still, only a small number of US-headquartered organizations were hit because the hackers appear to have begun the campaign by targeting organizations in Europe, said Vikram Thakur, research manager with security software maker Symantec. By the time they turned their attention to the United States, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious.
On Friday, a large-scale cyber-attack was launched, affecting computers in 150 countries, and in less than a day, researchers observed 57,000 infections.
The hackers demanded payments of $300 to $600 (roughly Rs. 19,000 and Rs. 38,000) which were to be paid using Bitcoins. The British NHS, international shipper FedEx, telecommunications company Telefonica and others were among the targets.
In India, computers at Andhra Pradesh’s police departments were hacked. Computers in 18 police units in Chittoor, Krishna, Guntur, Visakhapatnam and Srikakulam districts were affected.
R Jaya Lakshmi, Superintendent of Police, Tirupati Urban, said the ‘ransomware’ encrypted data in some police stations, adding that they were not able to access data and hackers were demanding ransom in Bitcoins to restore access.
India’s digital security agency, CERT-In, has issued a red alert and advised users and organisations to apply patches to Windows. It added that WannaCry was targeting common file extensions such as PPT, DOC, and TIFF, along with media files such as MP4 and MKV. On Monday at 11am, CERT-In is holding a webcast on preventing the WannaCry ransomware threat.
According to a report, enterprises in Mumbai, Hyderabad, Bengaluru, and Chennai have been affected. Two South Indian banks are also reportedly affected, and possibly also Renault in Chennai, the report noted.
The IT ministry has also reached out to agencies such as the RBI, the NPCI, and UIDAI to warn them about the risks associated with WannaCry and to help secure their systems, in order to make sure that digital payments in India are not affected, reported PTI.
The ministry has also reached out to ISPs, alerting them to secure their networks, and it has also reached out to Microsoft India to inform all its partners and customers to apply the relevant patches. “The impact has been somewhat contained in India because of the weekend. However, one will have to watch the situation as people return to work tomorrow and access their computers,” Kaspersky Lab Head for South Asia Region Altaf Halde told PTI.
China’s official news agency Xinhua said secondary schools and universities were hit, but did not say how many or identify them. William Saito, cyber security adviser to the Japanese cabinet and trade ministry, said some of the country’s institutions were affected but declined to elaborate. Two hospitals in Jakarta were hit, according to Semuel Pangerapan, a director general at Indonesia’s Communication and Information Ministry. South Korea’s Yonhap news agency said one of Seoul’s university hospitals had been affected.
The hackers likely made WannaCry using a piece of NSA code released last month by a hacking group known as the Shadow Brokers, according to security researchers. The Shadow Brokers released Eternal Blue as part of a trove of hacking tools that they said belonged to the US spy agency.
The attack has crippled more than 200,000 computers, and struck banks, hospitals, and government agencies. All this took place over the weekend – the number of affected users is expected to grow now that the work week has begun, and people start logging into their devices.
Brad Smith, Microsoft’s president and chief legal officer, said in a blog post Sunday that it was in fact the NSA that developed the code being used in the attack. He warned governments against stockpiling such vulnerabilities and said instead they should report them to manufacturers – not sell, store or exploit them, lest they fall into the wrong hands.
Infected computers appear to largely be out-of-date devices that organisations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too difficult to patch without possibly disrupting crucial operations, security experts said.
Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.
written with agency inputs