While organisations and networks in over 150 countries were crippled by the WannaCry ransomware outbreak, India escaped from the malware spreading and causing damage, thanks to the timing of the incident, with offices being shut during the weekend. By Monday morning, everybody had become alert and it averted a lot of damage, Sanjay Katkar, MD and CTO of Quick Heal Technologies, an IT security solutions provider, said. Since Monday, Quick Heal has been receiving distress calls from customers but it was not clear whether they were affected or not, as this was not being disclosed by those calling, Katkar said.
Quick Heal detected over 48,000 attempts of WannaCry ransomware attack in India. Kolkata tops the list of cities with maximum detections, followed by Delhi, Bhubaneswar, Pune and Mumbai. The top five states with maximum detections are West Bengal, Maharashtra, Gujarat, Delhi (including NCR) and Odisha. Among the attempted attacks, 60% were targeted towards enterprises and 40% towards individual customers. In case of an attack, Katkar advises companies or users not to pay any ransom as this would go in funding the next attack.
“Hackers who are successful in collecting money will re-invest into new technologies. People who pay are funding the next attack,” warns Katkar. Protection was available if the users updated the anti-virus software and the patch was made available on March ’17 but many did not update their systems, Katkar said. Soon after the ransomware attack was spotted, Quick Heal Security Labs issued an advisory informing customer on ways to reduce the risk of infection by
WannaCry Ransomware. Quick Heal has also organized a webinar to educate businesses on how to protect their organization from the WannaCry Ransomware on Wednesday, May 17 at 4 pm. This kind of an incident helps increase awareness about security but their experience was that people go back to business as usual in quick time, says Katkar. This threat indicates people not serious about security but security has to be priority if they want to protect data, he said.
Outdated operating system and failure to use anti-virus software makes them vulnerable, he said. Some of the software in the enterprise could be running on older systems especially in the manufacturing sector and a shift would need upgrading hardware so they could be continuing with old systems, Katkar said. Banks in the country that have outsourced some of their systems/ functions to third-party service providers need to take a re-look at the security at their vendors especially their ATM networks, he said.
The retail user are also casual so vulnerability is more on this front. A lot of data moving on the mobile phones and people are connected 24/7 on the net but the market is not keen on paying for security their phones so mobile security is not picking up, Katkar said. “Given their profitability, ransomware attacks are predicted to increase in the coming quarter. There can be a drastic increase in the number of Locky samples being distributed via spam emails or exploits. Ransomware-as-a-Service (RaaS) type attacks may increase due to its user friendliness,” a Quick Heal Security Labs Q12017 threat report had warned.