In the end it cost @malwaretechblog just $10.69 to buy the domain name that would kill WannaCry, arguably the biggest ransomware attack the world has ever seen. But by then, this crypto-ransomware, also called WannaCrypt, had hit at least 45,000 computers spread over 74 countries demanding a $300 ransom in Bitcoins to restore access to these devices and the information inside. Alarmingly, the attack also affected UK’s National Health Service stalling surgeries and other work across the British Isles as patient information and documents became inaccessible.
What is ransomware?
There are many types of malware that affect a computer ranging from those that steal your information to those that just delete everything on it. Ransomware, on the other hand, prevents users from accessing their devices and data till a certain amount is paid to its creator as ransom. Ransomware usually locks computers, encrypts the data on it and prevents other software and apps from running. The WanaCrypt0r 2.0 bug, for instance, wants $300 to be paid in Bitcoins to unlock the affected computers. However, paying the ransom is no guarantee for getting the files will be restored and might just open up new attacks.
Aaditya Uthappa, Director – Enterprise Business, Paladion Networks, says this is criminal behaviour and the owners/authors of the ransomware are under no obligation to fulfil their promise of unlocking our files. Suggesting that this could be sensed as an opportunity to continue extorting money, he adds that it is better to get help from the cyber police cell before making a decision.
How do ransomware attacks take place?
Like all malware, ransomware too exploits vulnerabilities in operating systems. Strangely, in this instance, the hackers could have used the ‘Eternal Blue hacking weapon’ created by America’s National Security Agency (NSA) to gain access to Microsoft Windows computers used by terror outfits and enemy states.
Microsoft claims it “released a security update which addresses the vulnerability that these attacks are exploiting” in March itself and advised users to update their systems in order to deploy the latest patches. A post attributed to Phillip Misner, Principal Security Group Manager Microsoft Security Response Center, said some of the attacks were using “common phishing tactics” like malicious attachments and asked users to be cautious while opening attachments.
What can be the impact of a ransomware attack?
Depending on the critical nature of the computer involved, any malware attack can have serious implications in the highly digitised worlds we live in. In the WannaCry attack it is reported that many surgeries had to be put off, x-rays cancelled and ambulances called back. For many years it has been feared than an attack of this nature can bring public utilities or transport systems to a halt. And that is why a lot of stress is being laid on security of these properties across the world. If a service like an urban metro rail is target, you can rest assured that the ransom will be way above $300.
What is the threat to a country like India?
As India goes increasingly digital, our vulnerability as well as the resultant impact increase too. For instance, a ransomware attack can easily hold a service like the Delhi Metro or a power utility to ransom, quite literally. Also, the fact that a lot of what we have online is now also connected to the Aadhar data of over a billion Indians makes the threat even more real and worrisome.
How to respond to a ransomware attack?
Disconnect from the internet to ensure there is no further infection or exfiltrating of data as the ransomware will be unable to reach the command and control servers. Set BIOS clock back in case the ransomware has a time limit associated to it as with WannaCry. You can also reach out to the Cyber Police Cell of your state immediately. Sites like nomoreransom.org or bleepingcomputer.com can also help