Microsoft, quoted by BBC, said that the recent cyber attack that has hit over 150 countries in the last week should be considered a “wake-up call”. The multi-billion tech giant said that widespread damage had been caused by software vulnerabilities that various governments have hoarded over the years. The virus used in the attack finds and exploits a flaw in one of the versions of Microsoft Windows, something that was first detected by US intelligence. The concern is that experts have predicted bigger attacks on Monday. According to BBC, the virus slowed down over the weekend but still managed to affect more than 2,00,000 computer systems.
Ransomware can be defined as software (a virus) designed to block access to a computer system, holding the owner to ransom until the demanded sum of money is paid. The virus that affected more than 150 countries over the week is said to have demanded $300 as payment to restore the user’s access to his own computer. Ransomware normally holds the computer hostage: it encrypts all your data and prevents all your apps and other software from running. Indian Express reports that a crypto-ransomware called WannaCry or WannaCrypt was used to affect various countries, including India, on Friday. As the name ransomware suggests, the WannaCrypt0r 2.0 bug encrypted all the data within a computer system, putting it under a virtual lockdown, and asked the user to pay the said amount through a message on the screen. The ransom amount was $300 in Bitcoins. The hacker group that did this remains a mystery so far. It is, however, believed that the hackers used the “Eternal Blue Hacking Weapon”, which America’s National Security Agency (NSA) created to take over computers used by terrorist outfits. It must, however, be noted that this programme could only hack into computers dependent on the Microsoft Windows operating system. According to IE, what is interesting is that the programme had been stolen from the NSA by a group that called itself Shadow Broker. The reason, it seemed, was that they were unhappy with US President Donald Trump.
Who stopped the attacks?
The viral attack was stopped by an accidental samaritan, who wanted to be identified only as MalwareTech. MalwareTech is a security researcher who found the security switch in the form of a link to a domain name. He then bought the domain name for $10.69, triggering thousands of pings from infected systems and killing the malware. The targets of this ransomware were devices that ran on some form of Microsoft Windows.
How safe are banks and/or Aadhaar card info?
Microsoft claims that in March it had released a security update to counter these exposed vulnerabilities and had urged users to update their systems. However, in India, regular updates are not a habit for most computer users. So a user can start by updating the system. Secondly, users have been cautioned against opening attachments that they do not trust. Users have also been advised not to click on links that they do not trust, so as to stop the download of software from unknown, unverified sources.
It must also be noted that a majority of ATMs all over the country run on the outdated Windows XP. Now, while the company claims to have provided updates to check the said malware, it had stopped providing any updates for the Windows XP system in 2014, thus putting the machines at a higher risk.
According to Pradipto Chakrabarty, Regional Director, CompTIA India, who was quoted by IE, the linking of Aadhaar card to bank accounts, income tax and other information increased the threat surface. “Since the user’s bank account is linked with his Aadhaar number, the ransomware can potentially lock down the account and make it unusable unless a ransom is paid,” Chakrabarty warned.
A report attributed to F-Secure states the need for a four-phase approach to this threat: Predict, Prevent, Detect, and Respond. The user should predict the attack by performing an exposure analysis of his system. He could then prevent the attack by deploying a defensive measure, like the one Microsoft had released earlier. In case the attack has already taken place, the user could respond by trying to understand how the hacking took place, and detect by looking for signs of where the intrusion took place and for suspicious behaviour.