WannaCry Effect: Is India Ready For More Attacks?

by Sohini Bagchi    May 18, 2017


Enterprises are waking up to a new wave of cyber attack as WannaCry spreads its notorious wings. While globally, the ransomwarehits over 2 lakh computers, India was one of the worst hit nations by WannaCry as more than 40,000 computers were affected. However, the threat is far from over. Experts believe that several large-scale, stealthy cyber-attack is underway, the biggest among those linked to WannaCry called Adylkuzz, can  soon assault computers worldwide. And there are many more to come. The bigger question is, are Indian enterprises ready for such attacks and what’s the road ahead for them.

A new wave of attack

The new attack targets the same vulnerabilities the WannaCry ransomware worm exploited but, rather than freeze files, uses the hundreds of thousands of computers believed to have been infected to mine virtual currency, researchers at Proofpoint said in a statement.

Nicolas Godier, a researcher at the computer security firm told AFP, “It uses the hacking tools recently disclosed by the NSA and which have since been fixed by Microsoft in a more stealthy manner and for a different purpose,” he said.

Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to “mine” in a background task a virtual currency, Monero, and transfer the money created to the authors of the virus. Virtual currencies such as Monero and Bitcoin use the computers of volunteers to record transactions. They are said to “mine” for the currency and are occasionally rewarded with a piece of it.

Proofpoint said in a blog that symptoms of the attack include loss of access to shared Windows resources and degradation of PC and server performance, effects which some users may not notice immediately.

While the rate of new infections has slowed, researchers at cybersecurity firm said the malware continues to spread rapidly. More attacks could be soon be underway as the hacker group The Shadow Brokers that leaked the vulnerabilities used by WannaCry and Adylkuzz has threatened to publish more.

Is India prepared?

While WannaCry ransomware affected operations at the US health care system and French car maker Renault, it appears to have had less impact on corporate India’s operations. Even as the Centre expressed confidence that WannaCry ransomwarewill have little impact on India, cyber security experts said it is too early to assess the real extent of the virtual attack. Experts believe, the use of pirated or outdated software is rampant among Indian companies, who will not be able to report their losses due to licencing issues.

In fact Altaf Halde, Managing Director, Kaspersky Lab, South Asia mentioned in a statement, “In our research we found that a large percentage of attacks globally by WannaCry happened in India and the country was third on the total number of attacks.”

Read more: Life After WannaCry: How CXOs Can Rethink Cybersecurity

He added that most of Indian organizations are still vulnerable to the attacks since the sophistication of these cyber threats is going up and many of Indian organisations including private and public sector still use outdated operating systems which make it easy for the cyber attackers to compromise the systems. It was also reported that many Indian companies after being attacked by WannaCry paid the hackers.

Another research by conducted Quick Heal Technologies shows that about 48,000 computers were attacked by the ransomware WannaCry, with most incidents in West Bengal and in Andhra Pradesh.

In 2016, India has seen a number of sophisticated ransomware attacks on banks and other entities. Lucifer did strike last year which locked computers of banks and pharmaceutical companies. At least three companies and banks had paid up money in bitcoins to unlock their systems, according to sources. In January, another ransomware by the name of Lazarus had attacked Indian companies. Even SBI and Central Bank, among others were badly hit by such attacks.

A wake up call for businesses?

As cybersecurity threats continue to evolve, ransomware is fast becoming the number one cyber security challenge for businesses, irrespective of their size, location or industry they operate in.

WannaCry is a wake-up call to enterprises and individuals of the need for better Cyber Security. It also raises awareness to alarming levels and demonstrates the impact that a ransomware can bring to enterprises and clearly demonstrates the shift towards financial gain by attackers.

The alarming sophistication of ransomware, marks a paradigm shift in the cybersecurity ecosystem. Safeguarding against outbreaks require organisations to always keep their systems secure.

Unfortunately, the current state of cyber security at most enterprises is not uniformly mature to detect, prevent and respond to these threats in a timely manner. For example, in India, most of the systems are not safe from future attacks. As in case of this attack too, what could be blamed is a lack of awareness and negligence towards a secured cyber system as outdated servers and unpatched operating system were the key cause of WannaCry attacks.

Mukul Shrivastava, Partner, Fraud Investigation & Dispute Services, EY India says, “Many organizations did not update servers with the latest ‘patch’ and block known file types (or websites) which are known sources of the ransomware resulting in virtually no protection against the known threat. Indian organizations are also vulnerable due to most of them using outdated (or not updated) versions of operating systems for business operations.”

“It is imperative that businesses everywhere update their operating systems, their security software and educate their users against phishing attacks. This is a best practice to reduce the risk from any attack,” noted Sunil Sharma, Vice President – Sales at Sophos, India & SAARC.

Moreover, Cyber attack ain’t over yet, India cannot afford to lower its guard, Sanjay Bahl, director general of the Indian Computer Emergency Response Team said in an recent interview with ET [Read the full article here]. Bahl stated in his interview that because smartphones could be the next target for the cyber-attackers, Sanjay Bahl, director general of the Indian Computer Emergency Response Team said.

Read more: 5 Rules For CXOs To Prevent Ransomware

The other important point made by cyber security evangelist Pavan Duggal, at a recent event is that most countries have not given cybersecurity the kind of importance it deserves. The need of the hour is to have an international convention on cyber law and cyber security. Atthe same time attacks can happen any time; the idea is to build a cyber resilience or in other word, how quickly you can bounce back to normalcy.

WannaCry in that sense is just the tip of the iceberg. Enterprises need to reassess the security program and strengthen detection, prevention and response capabilities to counter such attacks. If businesses across the world and in India do not learn the lesson, they have to pay very dearly in the near future.