Ransomware chronicles: WannaCry and its tryst with India

Touted to be the largest ransomware attack in history, WannaCry has already crippled several. How is India faring?

On Friday, when a ransomware named Wanna Decrypter struck the U.K.’s National Health Service, little did the world anticipate that this would turn out to be the biggest cyber-attack in history and would cripple more than 200,000 machines all around the world.

Interestingly, the attackers have simply adapted an existing version of this worm, which was leaked by a group called Shadow Brokers in March and again in April. The worm, WannaDecrypter, infamous as WannaCry, is rumoured to have been used by the US National Security Agency and is not complex or sophisticated in itself. However, the latest version has one advantage: it infects other computers using an existing vulnerability in Windows’ SMB protocol.

India has a long-drawn history of concealing cyber-attacks of any kind for fear of “ruined reputations.” Case in point: the debit card breach that shook the Indian banking system in October 2016. Despite analysts and several companies pointing out that India has been badly affected by WannaCry, the Computer Emergency Response Team (CERT) maintains that the country is not as affected as Europe and Russia. CERT claimed that very few incidents had been reported as of Monday.

Here’s a rough sketch of how things unfolded in India after WannaCry was unleashed on the World Wide Web.

1. On Saturday, in a blog, security company QuickHeal claimed that out of the 3,000-odd attacks detected by the company, almost 2,500 were from India. It later said that more than 48,000 systems were infected.

2. While 60 percent of these attacks in India are targeted at enterprises, the rest are targeted towards individuals, claimed QuickHeal.

3. More than 100 computers across 18 police stations of the Andhra Pradesh police were hacked on Saturday, but the impact was minimal because their FIR and other data are stored offline.

4. Computers of panchayat offices in Kerala’s Wayanad and Pathanamthitta districts had to be disabled on Monday due to the cyberattack.

5. The ransomware also infected four offices of the West Bengal Electricity Distribution Company on the same day, bringing their billing centers and all other activities to a standstill.

6. Monday also saw 120 computers belonging to the Gujarat government’s WAN being infected, albeit without the loss of any valuable data, claimed a government official.

7. Today, on May 16, 23 computers of the Southern Railway Divisional Office in Kerala’s Palakkad district were disabled after being attacked by WannaCry. However, none of the services were affected.

8. Although 80 percent of Indian ATMs run on outdated Windows XP, cybersecurity experts claim that they might escape this attack because they run on firmware with the bare minimum functions.

9. On May 17, the famous temple Tirumala Tirupati Devasthanams (TTD) announced that its computer systems had been compromised by WannaCry, with about 10 administrative computers affected.

This story will be updated as and when new information is available.