11412 - MeitY reaches out to RBI, NIC, Aadhaar to warn against ‘Wanna Cry’ ransomware - The Tech Portal

MeitY reaches out to RBI, NIC, Aadhaar to warn against ‘Wanna Cry’ ransomware

1 day agoAshvita Anand

The Ministry of Electronics and Information Technology (MeitY) has advised stakeholders like RBI, National Payments Corporation of India, NIC and UIDAI (Aadhaar) to protect their systems from being infected by the fast-spreading ‘Wanna Cry’ ransomware to ensure that the digital payments system of the country remains safe.

This move from MeitY comes after over 100 countries’ healthcare and telecommunication sectors faced the repercussions of the ‘Wanna Cry’ ransomware recently. The Ministry has asked cyber security unit Computer Emergency Response Team (CERT)-In to gather info more on the ransomware.

It has taken several steps to ensure that citizens of the country are warned against the ransomware and has reached out to several departments such as the Department of Telecom (DoT) to alert Internet service providers (ISPs) to secure their networks as well as the Data Security Council of India (DSCI) and CDAC to do the same.

The ransomware wreaked havoc on the world this weekend when it hit computer systems in several countries including Russia and UK, making it one of the most widespread cyber attacks to have ever hit the world. It operated by locking access to files on computers that were running older and out-of-date versions of Microsoft Windows such as XP.

The cyber criminals behind these attacks have demanded a fee of about $300 in encrypted currencies like Bitcoin to unlock the device. Microsoft has now released a security patch in light of this situation and is urging its customers around the world to download this solution. In addition, there are now a list of guidelines on Microsoft Community to help customers protect their systems from the ransomware.

Although there have been no formal reports regarding the ransomware attack yet, MeitY has claimed that a few systems of the Police Department of Andhra Pradesh have been affected and the state government has been instructed to follow the directions given by CERT-In.

The Ministry in a statement stated,

MeitY is keeping a close watch on the developments on the ransomware and is working in close coordination with all relevant agencies.

The Ministry has also been in touch with Microsoft India, urging it to inform all its partners and customers to use the relevant patches of security solution. According to CERT-In, the ransomware spreads by infecting other computers that work on the same network and also through malware in e-mail attachments. To stop its spread therefore, security firms have suggested that users disconnect the infected device from the local network.

The damage of the ransomware was seen in countries like Spain, where the malware affected telecommunications company Telefonica as well as several others, and in UK where hospitals and clinics turned away patients because they did not have access to computers.

According to several reports, over two lakh computers have been infected worldwide. Experts believe the situation will be worse in the country as several computer systems still work on earlier software and have not been updated yet.

India is being considered among the top countries that have been negatively affected by the Wanna Cry ransomware, accounting for almost 5% of the attacks. This is mainly because most systems in the country still run on Microsoft XP, one of the operating systems that is most at risk.

Multiple comments by experts reveal more about the ransomware attack and cyber security as a whole.

According to Saket Modi, the CEO and co-founder of Lucideus, ransomware is a trend that seems to be gaining popularity fast, with security companies now receiving 4-5 requests a week from companies around the country to protect them.

The ransomware currently appears to be slowing down, after ‘Malware Tech’ a Britain-based security researcher found a “kill switch” for it. However, experts have warned people that the ransomware could find a way around this fix.

Ashvita Anand

11411 - What if Cybersecurity Threats like ‘WannaCry’ Affects Our Aadhaar System? - Business World

What if Cybersecurity Threats like ‘WannaCry’ Affects Our Aadhaar System?

“This underscores importance of security in the system we are building with Aadhaar. The lead agency has played defensive and offensive each time any researcher highlights flaws or leaks.”

May, 2017

by Regina Mihindukulasuriya

Print this article

The ransomware attack called ‘WannaCry’ spread owing to a vulnerability in Microsoft XP for which a security patch had been released by Microsoft in March this year. As expected most organizations don't seem to have patched their operating system. India is listed among the already affected 74 countries.

The Indian Computer Emergency Response Team (CERT –In) is responsible for scouting the Indian Internet domain for cybersecurity threats. It has issued this critical code red alert, “It has been reported that a new ransomware named as WannaCry is spreading widely. WannaCry encrypts the files on infected Windows systems. This ransomware spreads by using a vulnerability in implementations of server message block (SMB) in Windows systems. This exploit is named ETERNALBLUE.”

WannaCry is a type of ransomware.

A ransomware downloads a virus onto the user's device, mostly by clicking on a suspicious link and then starts infecting everything a user may have access to including network; it encrypts all the data it encounters that can only be decrypted by a key provided after paying a ransom.

Unlike other cyberattacks, the data is usually kept intact, but is
encrypted by the virus. The only way to gain access to your data is to buy the encryption key from the attacker in exchange of a ransom payment.

Mishi Choudhary, president and founding director at the Software Freedom Law Centre (SFLC) said,

"This is a flagrant example of a global blackmail facilitated by lax attitude of agencies and organizations on cybersecurity. In November last year, Sky News and Hacker House had warned about such risks but no heed was paid. Not installing regular software updates is the primary cause for such malware to spread like wildfire. This teaches us how something can wreak havoc without attacking the traditionally designated critical infrastructure like a power grid.”

A few tips to save yourself from ransomware:

1. Act early, don't be in denial
2. Use the Microsoft patch from March 2017
3. Install software updates
4. Use Free And Open Source Software
5. Don't click on suspicious links
6. Back up your data

Mr Choudhary continued, “This also underscores the importance of security in the system that we are building with Aadhaar. The lead agency has played defensive and offensive each time any researcher highlights flaws or leaks. It has shunned taking real action to plug in security holes and relied on PR or ad-hoc rules based arrangements to cure a design defect. We hope this cautionary tale pushes us towards an honest and transparent discussion about vulnerabilities that a digitized society brings.”

WannaCry started its spree on May 12. News of the threat came to light with 16 National Health Service (NHS) organizations in the UK and FedEx being affected but quickly spreading around the world. The demand from the hackers to release their hold on the PC has been a ransom payment of 300 dollars in bitcoins. It is also suspected that this malicious software was stolen from National Security Agency of the US.

CERT-In does not advocate paying this ransom amount to release an affected PC system since it does not guarantee the hackers will stick to their word.

11410 - How WannaCry Ransomware attack will affect Banking operations, ATMs, Aadhaar and hacking of other personal details - India.Com

How WannaCry Ransomware attack will affect Banking operations, ATMs, Aadhaar and hacking of other personal details

In a country like India, about 60 percent of the 2.25 lakh ATMs run on Windows XP, an operating software. The cyber attack also brings focus back on data security after Aadhaar details of a large number of Indians found their way on websites.

By Sandhya Dangwal | Updated: May 15, 2017 5:34 PM IST

New Delhi, May 15: Demonetisation woes revisited Indians on Monday in form of WannaCry Ransomware after Reserve Bank of India (RBI) advised all banks to start the ATM operations only after software update in the light of malware attack. Though there were no reports of financial institutions in India being hit by WannaCry Ransomware, the authorities concerned are leaving anything to chance. The cyber attack also brings focus back on data security after Aadhaar details of a large number of Indians found their way on websites.

Banking in India was limping back to normalcy after November 8 demonetisation but WannaCry Ransomware once again derailed all financial operations across the nation. Even in April there were reports of currency note shortage from many parts of the country after a long week-end that saw ATMs running dry within couple of hours. The decision of the banks to restrict the number of free ATM transactions every month did not help the situation either. The RBI has now directed banks to operate their ATMs only after the installed computer systems have received a special Windows update to protect them from WannaCry ransomware. The directive comes in the wake of the ‘WannaCry’ cyber attack that is spreading like wildfire across the globe since Friday.

The WannaCry program gets into your computer, either by clicking on the wrong thing or downloading the wrong thing and then encrypts your files and demands payment in bitcoin in order to regain access. Software giant Microsoft was quoted by BBC saying that the recent cyber attack that has hit over 150 countries in the last week should be considered as a “wake-up call”. Users have been cautioned for not opening attachments or click on links that they did not trust.

In a country like India, about 60 percent of the 2.25 lakh ATMs run on Windows XP, an operating software. The ATM machines mostly run on Windows software and are extremely vulnerable to the cyber attack. “RBI has asked banks to update specific Windows patches on ATMs urgently and not to operate ATM machines unless updates are in place,” a public sector bank official was quoted by the Economic Times.

The linking if Aadhar card to bank accounts increased the threat at the surface. A report by Financial Express quoted Pradipto Chakrabarty, Regional Director, CompTIA India saying that since the user’s bank account is linked with his Aadhaar number, the ransomware can potentially lock down the account and make it unusable unless a ransom is paid.

Meanwhile, Microsoft has issued a statement informing that the company has developed and released a special update for Windows XP. It also mentioned that this particular version of its operating system is no longer serviced by the company. The bitcoin wallets linked to the ransomware saw transactions worth $34,300 indicating that a small percentage of affected users were paying the ransom money, TOI reported.

If the case of ATMs was to be taken, there is no data stored in the machine and neither is there storage of any kind that will block transactions. Manohar Bhoi, President at Electronic Payments and Services was quoted by TOI saying that even if a machine were to get affected it can be reformatted and put to use immediately. Electronic Payments and Services is a management services firm that handles ATMs for public sector banks. Bhoi further said that this can be done remotely and usually the vendors run their tests on the patch before an update. The WannaCry attack began on Friday night with thousands of ransomware attacks on computers in over 100 countries, including India. Till now, 16 hospitals in England, the Interior Ministry of Russia has been a victim of the malicious ransomware software. Meanwhile, Telefonica in Spain, FedEx USA and Academic Institutes in China have also fallen a prey to Ransomware.

Published Date: May 15, 2017 5:23 PM IST | Updated Date: May 15, 2017 5:34 PM IST

11409 - Wannacry ransomware attack: How safe are Aadhaar cards, banks or even ATMs? - Financial Express

Wannacry ransomware attack: How safe are Aadhaar cards, banks or even ATMs?

Microsoft, quoted by BBC, said that the recent cyber attack that has hit over 150 countries in the last week should be considered as a "wake-up call".

By: FE Online | Published: May 15, 2017 11:58 AM

“Since the user’s bank account is linked with his Aadhaar number, the ransomware can potentially lock down the account and make it unusable unless a ransom is paid,” (Image courtesy: Reuters)

Microsoft, quoted by BBC, said that the recent cyber attack that has hit over 150 countries in the last week should be considered as a “wake-up call”. The multi-billion tech giant said that widespread damage had been caused by the software vulnerabilities that have been hoarded by the various governments over the years. The virus used in the process finds and exploits a flaw in one of the versions of Microsoft Windows, something that was first detected by US intelligence. The concern is that experts have predicted bigger attacks on Monday. According to BBC, the virus slowed down during the weekends but still managed to affect more than 2,00,000 computer systems.

Ransomware can be defined as a software (virus), designed with the intent to block the access to any computer system, holding the owner to ransom till the demanded sum of money is paid. The said virus that affected more than 150 countries over the week, is said to have demanded $300 as payment to restore the user’s access to his own computer. Ransomware normally holds the computer in a hostage system, encrypts all your data and prevents all your apps and other software from running. 

Indian Express reports, that a crypto-ransomware, called WannaCry or WannaCrypt was used to affect various countries, including India on Friday. Like the name Ransomware suggests, The WannaCrypt0r 2.0 bug encrypted all the data within a computer system, putting it under a virtual lockdown and asked the user to pay the said amount by a message on the screen. The ransom amount was $300 in Bitcoins. The hacker group that did this, remains a mystery so far. It is, however, believed that the hackers used America’s National Security Agency (NSA) created “Eternal Blue Hacking Weapon” to take over computers used by terrorist outfits. It must, however, be noted that this programme could only hack into computers dependent on the Microsoft Windows operating system. According to IE, what is interesting is that the programme had been stolen from the NSA by a group that called itself Shadow Broker. The reason, it seemed, that they were unhappy with the US President Donald Trump.

Who stopped the attacks?

The viral attack was stopped by an accidental samaritan, who wanted to be identified only as MalwareTech. MalwareTech is a security researcher, who found the security switch in the form of a link to a domain name. What he then did, was buy the domain name for $10.69, triggering thousands of pings from infected systems and killing the malware. The targets of this ransomware were devices that ran on some form of Microsoft Windows.

How safe are banks and or Aadhar Card info?

Microsoft claims that in March, it had released a security update to counter these exposed vulnerabilities and had urged the users to update their systems. However, in India, for most computers users, regular updates is not a habit. So a user can start by updating the system. Secondly, users have been cautioned against opening attachments that they do not trust. Users have been advised not to click on links that they did not trust to stop the download of software from unknown, unverified sources.

It must also be noted that a majority of ATMs, all over the country run on the outdated Windows XP. Now, while the company claims to have provided updates to check the said malware, it had stopped providing any updates for the Windows XP system in 2014, thus putting the machines at a higher risk.

According to the Pradipto Chakrabarty, Regional Director, CompTIA India, who was quoted by IE, the linking if Aadhar card to bank accounts, income tax and other information increased the threat at the surface. “Since the user’s bank account is linked with his Aadhaar number, the ransomware can potentially lock down the account and make it unusable unless a ransom is paid,” Chakrabarty warned.

A report, attributed to F-Secure states the need for a four-phase approach to this threat: Predict, Prevent, Detect, and Respond. 

The user should predict the attack by performing an exposure analysis if his system. He could then prevent the attack using the deployment of a defensive tactic, like the one Microsoft had released earlier. In case the attack has already taken place, the user could respond by trying to understand how the hacking took place and detect by looking for the signs of where the intrusion took place and suspicious behaviour.