Of all the world’s nations, India has been worst affected by the WannaCry ransomware exploit, which uses a weakness in the Windows SMB (server message block), which shares files, services and devices like printers over a network. The exploit was part of the material dumped by the group Shadow Brokers on April 14. A hacker’s tutorial to gain a command prompt on a target machine was released four days later.
And now, someone has followed it to the letter to collect over $25,000 in ransom. But Microsoft had released a patch on March 14, so the attack was restricted to machines running pirated systems and outdated versions of Windows, which are no longer updated. Microsoft is mighty upset because the chaos was unavoidable. Computer security has depended on vulnerabilities being publicised as soon as they are found, so that software companies can patch their products immediately. In this case, the tool used for the hack, EternalBlue, was innovated by the US National Security Agency as a cyberweapon. It remained under wraps until the Shadow Brokers stole it. This is bound to recur since the objectives of the computer security community and national security agencies diverge.
The success which the WannaCry worm enjoyed in India exposes our continued use of superannuated and pirated Windows operating systems. This is because Indians are price sensitive and the cost of software contributes significantly to overheads. Strangely, completely free but reliable desktop operating systems have been available for a decade, but organisations still rely on unmaintained Windows software.
While the governments of other nations in search of cheap computing, like Brazil and the Central American nations, pushed the conversion to free operating systems, India’s embrace of such software remains tentative, and we are paying for it.