Following initial attacks by Petya ransomware on some of the world’s largest corporations, the virus has made its way into Indian systems affecting terminals operated by Danish shipping giant AP Moller-Maersk at Jawaharlal Nehru Port Trust (JNPT) and Gujarat Pipavav Port.
“An unforeseen situation has developed at JNPT, Sheva, owing to disruption in the operations of one of the private terminal operator, APM Maersk at JNPT,” an official shipping ministry statement said.
“While the terminal operator is taking steps to address the issues disrupting the operations, it is anticipated that there could be bunching of in-bound and out-bound container cargo,” it added. On Wednesday afternoon, JNPT clarified on Twitter saying that the customs systems were unaffected, and 89 per cent of the cargo would be cleared in 24 hours.
A senior government official told The Indian Express that soon after reports of the global outbreak; the issue was raised to the highest level with the National Cyber Security Coordinator Gulshan Rai being apprised about the situation. Rai left for JNPT on Wednesday to deal with the situation, the shipping ministry statement noted.
In a statement, Maersk admitted that its systems were hit, but added that it has managed the issue and was working on a technical recovery plan with its IT partners and global cyber security agencies.
Gujarat Pipavav Port also said some of the business units were affected. “Last evening AP Moller-Maersk was hit as part of a global cyber attack affecting multiple sites and business units including Gujarat Pipavav Port. This attack has not had any major impact on the company at this point. Please note that the company is responding to the situation to limit the impact and uphold the port operations,” it said in a stock exchange filing.
The Indian-Computer Emergency Response Team (CERT-In) has issued an advisory suggesting to users and organisations that in order to prevent infections, regular backups of all critical information should be made, along with installing the latest patches to Windows systems, which are affected the most by these attacks.
“Since most of the impacted users were in the power, utilities and aviation sector in Europe, the National Critical Information Infrastructure Protection Centre (NCIIPC) was immediately requested to inform its constituents for taking appropriate measures in the critical infrastructure,” the official said. The NCIIPC, which was set up in 2014, broadly identifies power and energy, banking, financial institutions and insurance, information and communication technology, transportation, systems of Central and state governments (except those under the Ministry of Defence), and strategic public enterprises.
Petya is the second global scale cyberattack in a span of two months, after a similar ransomware, Wannacry, crippled nearly 3,00,000 systems across the world in May, including several in India. Cyber security experts have pointed out the growing prominence of governments and corporations putting in place enough checks and balances to prevent such attacks.
“The latest cyber attack and its impact across the world has once again underscored the importance of cyber security. The extent to which this attack has impacted the business operations in India as well as the rest of the world shows that in the times to come it will become a major business risk and corporate sector needs to take cyber security very seriously. Investments on research to ward off such attacks is the need of the hour. Governments across the world and the corporate sector should collaborate globally to prevent and take action against the perpetrators of such attacks,” said Ram Punamaraju, CEO at cyber and cloud security provider Yitsol Technologies.
The aforementioned official said that CERT-In was in discussions with various computer emergency response teams across Asia-Pacific, including those in Japan, Hong Kong, China, Taiwan, and Sri Lanka. Apart from the advisories to users and organisations, CERT-In has also taken the issue up with anti-virus software vendors. Furthermore, it has requested Quickheal to add the detection tool for Petya ransomware on the government’s botnet cleaning and malware analysis centre.
The Petya ransomware, in a manner similar to Wannacry ransomware, locks down a system and seeks ransom from the victims to give them access to their data. Petya demands $300 worth of Bitcoin crypto-currency to restore access to the files. CERT-In has urged individuals and organisations not to pay the ransom, as it did not guarantee that the access would be restored.
At an event earlier on Wednesday, Minister of Electronics and Information Technology Ravi Shankar Prasad said: “On recent reports of cyber attacks, the said advisories have been issued and government is keeping a close watch on the developments. It is in constant touch with international agencies. A number of initiatives have been recently taken to further strengthen cyber security. Specialised CERTs are being set up for vital sectors. Cyber experts are being stationed in all departments. Even state governments have been advised to strengthen cyber security.”