The ease of doing business online and the growing demand for social media among netizens have undoubtedly made the virtual community an everyday part and parcel of our life. We human beings are getting so used to it that we cannot imagine a day without browsing the web. Knowingly or unknowingly, even a person who is not much acquainted with the online mode is still connected to it in some form.
The Internet is one of the most important inventions to date. As a technological revolution, fiber optic cables, broadband, mobile and Wi-Fi signals have touched our lives in countless ways. Whether or not we personally have access to the internet, our information is constantly being uploaded and handled by various platforms, including banks, tax authorities, hospitals, educational institutes or, most relevant here, the NRC legacy data. Somewhere and somehow our existence is recorded on the web, often without our knowledge. The point here is to what extent our information is protected or secured in this vulnerable world, where there is no dearth of small-time criminals and unethical hackers who can easily misuse our identity and information.
In our everyday life the online portal, which has become a part of our life, is used tremendously even for the smallest of our necessities, from ordering a pizza to launching a satellite. Did you ever imagine what would happen if, one day, we opened our system and found that it had been hacked and all its data exploited by unfair means? Well, such things are occurring, and their reach extends all over the globe.
Following the global cyber attack in May 2017 we received messages over WhatsApp and Facebook advising us to avoid using ATMs and to avoid opening suspicious emails with attachments.
Shocking, but true: the global cyber attack caused ripples across the globe. Hospitals, schools, companies and government organisations around the world were assessing the damage since 13 May 2017, after a massive cyberattack hit almost 100 countries, infecting computers with malware that demanded ransom payments.
According to a news report published on nbcnews.com, the global cyber attack was the outcome of a US National Security Agency exploit that was leaked last year (2016). It has infected nearly 100 countries, disrupting international shipper FedEx Corp, telecommunications giant Telefonica, schools, and government and private organisations; hospitals and clinics were also forced to turn away patients after losing access to their computers.
The NSA's leaked "EternalBlue" exploit was used by cybercriminals to spread the WannaCry ransomware worldwide. The dump containing the exploit for the MS17-010 Windows OS vulnerability was made public by the notorious hacking group known as the Shadow Brokers on 14 April 2017. This vulnerability affects most desktop and server editions of Microsoft Windows.
Microsoft Windows SMB (Server Message Block) has been actively exploited since the Shadow Brokers (TSB) leak in April 2017. Microsoft had released a patch to fix the issue in mid-March 2017. However, systems that have not applied this patch are affected by the WannaCry ransomware, which uses worm-like behaviour to infect vulnerable systems on the network.
The threats posed by exploits such as 'EternalBlue', 'EternalRomance' and 'EternalSynergy' were addressed by Microsoft in its security bulletin MS17-010. Moreover, CCN-CERT, Spain's national computer emergency team, has confirmed that the 'EternalBlue' exploit was used in the massive ransomware outbreak on May 12, 2017. The ransomware used in this campaign is 'WannaCrypt' (aka WannaCry, WanaCrypt0r, WCry).
Often we have received job offers, security warnings, messages about winning a huge amount in a lottery, etc., which appear to be real or authentic, but on opening such links we fall prey to cyber extortionists who demand money or bank account details. The malicious software WannaCry locks a system and its files from use unless an amount is paid to the hackers; this process is described as a case of cyber extortion. It is indeed a tricky business, where victims are lured or compelled to open malicious attachments disguised as spam email or legitimate files.
The WannaCry cyber attack is the biggest online extortion attack ever recorded, disrupting computers that run factories, banks and organisations in some of the most powerful nations, including the US, UK, China, Russia, Ukraine, Brazil, Spain and India. Moreover, Europol said that a complex international investigation is required to identify the culprits behind the onslaught.
Quick Heal Internet Security describes the WannaCry ransomware attack as an exploitation of file encryption on the system. Here, file encryption normally means providing security to the files stored on the system, including on the hard drive, USB drive, etc.
The Server Message Block (SMB), on the other hand, is a service through which systems are connected over a network. This service was targeted and attacked by the 'EternalBlue' exploit, which the cyber criminals used to spread and plant the WannaCry ransomware. Once planted, WannaCry turns file encryption against the victim.
[Figure: WannaCry ransomware encrypted files. Source: blogs.quickheal.com]
When files are encrypted, it adds the ".WNCRY" extension to every encrypted file. After successful exploitation, it also drops files with the .exe extension; these allow malicious registry entries to give the malware persistence on the system, so that it can relaunch the infection after each reboot.
Following the successful encryption of files, a warning message with instructions to recover the files is shown. Moreover, the victims are threatened that all encrypted data will be lost if they do not pay the demanded ransom within a stipulated time. A countdown timer is also shown to create panic in the victim so that the money is paid as soon as possible.
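The ".WNCRY" suffix described above is the simplest artefact a responder can sweep for when triaging a machine after an outbreak. The following Python script is an added example, not code from the article or from Quick Heal: it walks a directory tree, collects every file carrying the suffix, strips it to recover the original filenames, and summarises the damage by original extension. The sample directory it builds is constructed for the demonstration; the function names are my own.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extension WannaCry appends to every file it encrypts (as stated in the article).
ENCRYPTED_SUFFIX = ".WNCRY"


def triage_encrypted_files(root):
    """Walk `root` and summarise files carrying the .WNCRY suffix.

    Returns a dict with the affected paths, a per-original-extension
    count (suffix stripped, so 'report.docx.WNCRY' counts as '.docx')
    and an 'infected' flag a responder can branch on."""
    affected = []
    per_original_ext = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(ENCRYPTED_SUFFIX):
                continue
            affected.append(os.path.join(dirpath, name))
            original = name[: -len(ENCRYPTED_SUFFIX)]
            ext = os.path.splitext(original)[1].lower() or "<none>"
            per_original_ext[ext] += 1
    return {
        "infected": len(affected) > 0,
        "affected_count": len(affected),
        "affected_paths": sorted(affected),
        "by_original_extension": dict(per_original_ext),
    }


def build_sample_tree():
    """Constructed sample tree (not real malware output): three files that
    look the way the article describes a post-encryption tree, plus one
    file the malware did not touch."""
    root = tempfile.mkdtemp(prefix="wncry_triage_")
    docs = Path(root) / "Documents"
    docs.mkdir()
    (docs / "budget.xlsx.WNCRY").write_bytes(b"\x00" * 16)
    (docs / "report.docx.WNCRY").write_bytes(b"\x00" * 16)
    (docs / "notes.txt").write_text("untouched file")
    photos = Path(root) / "Photos"
    photos.mkdir()
    (photos / "holiday.jpg.WNCRY").write_bytes(b"\x00" * 16)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    summary = triage_encrypted_files(sample_root)
    print(f"infected={summary['infected']} "
          f"encrypted_files={summary['affected_count']}")
    for ext, n in sorted(summary["by_original_extension"].items()):
        print(f"  {ext}: {n}")
```

Run it against a mounted image or a share rather than a live infected host, and treat a non-zero count as a reason to pull the machine off the network, not as a cue to start deleting files: the encrypted copies are what a decryptor, if one ever appears, would need.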
[Figure: WannaCry ransomware warning message. Source: blogs.quickheal.com]
It needs to be mentioned here that payment was accepted only in Bitcoin. Bitcoin is a type of digital currency that allows people to exchange and spend money without involving banks, credit card issuers or any other third party. Whatever the choice of currency, the cyber attackers damaged computer networks around the world.
Bitcoins are completely digital and are lines of computer code that are digitally signed each time they travel from one owner to the next. Transactions through bitcoins are popular among tech enthusiasts, speculators and criminals.
Britain's National Cyber Security Centre confirmed that a 22-year-old Britain-based researcher, identified online only as MalwareTech, was the protagonist who curtailed the spread of the ransomware. He explained that a hidden web address was found in the "WannaCry" code, and he registered it as a domain name. This activated a kill switch in the malicious software: the registered domain operates as a sinkhole that keeps the malware from spreading further.
However, the kill switch could not help those already infected, and it would not be difficult for the criminals behind this attack to re-release their code without a kill switch or with a better one.
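Because an infected host looks up the kill-switch address before it decides whether to run, a resolver log is a good place for defenders to find machines on which the sample executed, even after the sinkhole stopped them from encrypting. The following Python is an added example, not part of the article: it parses constructed DNS query log lines (the format is assumed; adapt the parser to your resolver) and reports which clients queried the sinkholed domain and when. The article does not reproduce the actual domain, so a clearly labelled placeholder is used.

```python
from collections import defaultdict

# Placeholder only: the article does not give the kill-switch domain.
# Replace with the real sinkholed name from your threat-intelligence feed.
KILL_SWITCH_DOMAINS = {"killswitch-domain-placeholder.example"}

# Constructed resolver log (not real traffic). Assumed format:
#   <timestamp> <client-ip> query <qtype> <qname>
SAMPLE_DNS_LOG = """\
2017-05-12T10:01:03Z 10.0.4.17 query A www.example.com
2017-05-12T10:01:09Z 10.0.4.23 query A killswitch-domain-placeholder.example
2017-05-12T10:01:11Z 10.0.4.23 query A killswitch-domain-placeholder.example
this line is malformed and must be skipped
2017-05-12T10:02:40Z 10.0.7.5 query A update.example.net
2017-05-12T10:03:02Z 10.0.9.81 query A KillSwitch-Domain-Placeholder.example.
"""


def parse_dns_line(line):
    """Return (timestamp, client, qname) or None for lines that do not
    match the assumed format. The qname is lower-cased and stripped of a
    trailing dot so that case and FQDN notation do not hide a match."""
    parts = line.split()
    if len(parts) < 5 or parts[2] != "query":
        return None
    timestamp, client, qname = parts[0], parts[1], parts[4]
    return timestamp, client, qname.lower().rstrip(".")


def find_killswitch_queries(log_text, domains=KILL_SWITCH_DOMAINS):
    """Map each client that queried a kill-switch domain to the list of
    timestamps at which it did so. Malformed lines are ignored."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_dns_line(line)
        if parsed is None:
            continue
        timestamp, client, qname = parsed
        if qname in domains:
            hits[client].append(timestamp)
    return dict(hits)


if __name__ == "__main__":
    for client, times in find_killswitch_queries(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(times)} kill-switch lookup(s), first at {times[0]}")
```

A hit does not mean the host was saved; it means the sample ran there and performed its check, so the host still needs the usual isolation and cleanup. Hosts behind a proxy or without direct DNS may never reach the sinkhole, which is why this check complements, rather than replaces, the file-system sweep.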
The major hits worldwide include hundreds of computers in the Russian interior ministry; prominent victims include international shipper FedEx and Spain's telecom giant Telefonica. Apart from that, automaker Renault and its arm Dacia, the Nissan plant in northeast England, German rail operator Deutsche Bahn, Portugal Telecom, Telefonica Argentina and a hospital in Jakarta were also hit. China's Xinhua state news agency said some secondary schools and universities were hit.
Following the global cyber attack, news agency IANS reported that police computers across 18 units in Andhra Pradesh's Chittoor, Krishna, Guntur, Visakhapatnam and Srikakulam districts were affected.
In India, many organisations and individuals still rely on older versions of the Windows operating system, which makes them more vulnerable to such attacks.
In India, the country's cyber security agency, the Computer Emergency Response Team of India (CERT-In), has issued a red-coloured 'critical alert' in connection with the WannaCry attack, warning users not to pay any ransom and to report such instances of fraud to CERT-In and law enforcement agencies. In the wake of the cyber attack, CERT-In also issued an advisory asking computer users in India to upgrade their systems to the latest Windows patch level.
A patch is software used to correct loopholes in a program. The WannaCry ransomware attacked those computers that had not been upgraded to the new patch level. Since Windows XP is no longer supported by Microsoft, the regular patch did not cover it, but security fixes were made available for free for the older Windows systems as well.
A Kaspersky report from October 2016 had already warned that most ATMs in India were at risk, since they mostly rely on Windows XP.
The internet is reaching an increasing number of Indians, in the process transforming the world's largest democracy and adding billions to the country's GDP. Digitalisation after demonetisation and the advent of Digital India led many to adopt the facilities available online. Moreover, the government is also taking initiatives to impart digital knowledge in rural areas. It is therefore a matter of grave concern for a country like India to face such a cyber attack.
The authorities concerned, as well as the citizens, should take a lesson from such a gruesome attack and adopt every possible method to curb such problems in future. The pros and cons of security measures have to be explained to the masses. Moreover, instead of free and pirated software available online, the common people should go for original anti-virus software and update their systems at regular intervals.
The Quick Heal Security Labs suggested a to-do list to limit the spread of the ransomware infection, which includes:
- To apply the patch released by Microsoft and upgrade systems to close the vulnerabilities exploited by the ransomware.
- To keep a backup of important files, folders and data and to check the backup at regular intervals as well as the restoration process to ensure that the files are being stored properly.
- To assure that security solutions are active at every node of the network system.
- To keep the security software (including anti-virus) updated.
- To carry out a complete system scan with the installed security software.
- To abstain from clicking on suspicious links and email attachments from unknown sources.
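The second item in the list above, checking the backup and the restoration process at regular intervals, is the one most often skipped, and it is the one that decides whether a ransom demand has any leverage. The Python below is an added example, not Quick Heal's or the article's code: it makes a backup together with a SHA-256 manifest, verifies the backup against that manifest, and performs a trial restore into a scratch directory. The sample source tree and the tamper step are constructed for the demonstration; function names are my own.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def _sha256(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source, backup_dir):
    """Copy every file under `source` into `backup_dir/data` and write a
    manifest of relative path -> SHA-256 so the copy can be checked later."""
    source, backup_dir = Path(source), Path(backup_dir)
    manifest = {}
    for p in sorted(source.rglob("*")):
        if p.is_file():
            rel = p.relative_to(source).as_posix()
            dest = backup_dir / "data" / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, dest)
            manifest[rel] = _sha256(p)
    (backup_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_backup(backup_dir):
    """Re-hash each backed-up file against the manifest. Returns a list of
    problems; an empty list means the backup is intact."""
    backup_dir = Path(backup_dir)
    manifest = json.loads((backup_dir / "manifest.json").read_text())
    problems = []
    for rel, digest in manifest.items():
        f = backup_dir / "data" / rel
        if not f.is_file():
            problems.append(f"missing: {rel}")
        elif _sha256(f) != digest:
            problems.append(f"hash mismatch: {rel}")
    return problems


def restore_and_verify(backup_dir, restore_dir):
    """Restore into `restore_dir` and confirm every restored file matches
    the manifest; this exercises the restoration process, not just the copy."""
    backup_dir, restore_dir = Path(backup_dir), Path(restore_dir)
    manifest = json.loads((backup_dir / "manifest.json").read_text())
    for rel in manifest:
        dest = restore_dir / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup_dir / "data" / rel, dest)
    return all(_sha256(restore_dir / rel) == d for rel, d in manifest.items())


def scratch_dir():
    """Fresh temporary directory for a backup or a trial restore."""
    return tempfile.mkdtemp(prefix="backup_demo_")


def build_sample_source():
    """Constructed source tree with three files (demo data only)."""
    src = Path(scratch_dir())
    (src / "docs").mkdir()
    (src / "docs" / "report.docx").write_bytes(b"quarterly report")
    (src / "docs" / "budget.xlsx").write_bytes(b"numbers")
    (src / "readme.txt").write_text("keep me")
    return str(src)


def simulate_tamper(backup_dir, rel):
    """Overwrite one backed-up file, as happens when a reachable backup
    share is encrypted along with the originals (constructed scenario)."""
    (Path(backup_dir) / "data" / rel).write_bytes(b"overwritten")


if __name__ == "__main__":
    src, bk = build_sample_source(), scratch_dir()
    make_backup(src, bk)
    print("verify:", verify_backup(bk) or "ok")
    print("restore:", restore_and_verify(bk, scratch_dir()))
    simulate_tamper(bk, "docs/report.docx")
    print("after tamper:", verify_backup(bk))
```

The tamper step shows why the hash check matters: a backup that the infected machine can write to is just another set of files for the ransomware to encrypt, and without a manifest it still looks like a backup. Keep the manifest with a copy the workstation cannot modify, and schedule the trial restore, not only the copy, at the regular interval the list recommends.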