Chennai: WannaCry or WannaCrypt uses an exploit from National Security Agency (NSA) that was leaked by a group called Shadow Brokers. It leaked a trove of exploits. Criminals propagated WannaCry worm and ransomware hybrid using one of the exploits.
If any group uses those exploits to make more ransomware worms, it could have disastrous effects around the world.
Q People say that the effect in India has been minimal compared the rest of the world. Why is it so?
Reasons could be many. India is not 24/7 connected like the UK or the US. India still uses old Operating Systems (OS) like Windows XP, which are easily affected by WannaCry, but it hit networks in the morning time of UK. UK and Russia - which were most hit by the worm, started working on solutions for taking down the ransomware. The Internet Service Providers (ISPs) across the world started putting Intrusion Prevention System (IPS) signatures and the first 12 hours were the most crucial and the worm infected the maximum number of systems.
Since most systems in India were not in operation then, the impact was not high. Also by the time India woke up to its morning, most anti-viruses and IPSs were put in place so the worm could not spread like the first 12 hours. Except Telangana and a few places, not much impact of the worm was seen.
Q How safe are our banking and financial sector networks?
Most banking systems in India use the Windows XP OS, which is vulnerable to exploits, which WannaCry ransomware worm uses to propagate. Microsoft only released the patch for Windows XP security after the attack. Somewhere the security guys, industry and banking guys and the corporates are missing out crucial things. The creators of WannaCry knew how the network is configured in the BFSI sectors.
Q Do you think that this could have affected some banks?
Multiple banks have faced such attacks in the past. Most attacks were of information stealing and selling of the same. In the last few months, the attacks became more sophisticated involving ransomware. Most bank CZOs in India do not share details of such attacks and prefer hiding details. This is unlike the West, where they share details through a Traffic Light Protocol report and try to mitigate it.
Q How safe are our systems despite having anti-virus and different types of protection in place?
Most banking and finance sectors are not safe from any future cyber-attacks. History has shown that in past there have been attacks on bank and electric grid networks. History has also shown that the anti-virus companies have not been proactive with providing security measures. It takes attacks like these when damage is done on a major scale that they come up with safety measures.
Three years ago, after the concept of a ransomware crept in, anti-virus companies woke up and offered solutions. But as protection against ransomware became available, cybercriminals have created a ransomware and worm hybrid, which shows that they are a step ahead of security guys.
Q What does the worse attack look like, if you may provide a visual example?
If some cyber-criminal creates a worm like the Greendispenser that attacked ATMs in Odisha, which is coupled with a ransomware, it would be disastrous. It would encrypt the ATM, demand money and also take way the entire cash.
