WannaCry Ransomware Attack & What INDIA should learn from it?

Sathya Narayanan Subramanian
May 19, 2017

First and foremost, some basics. Ransomware is software that loads onto one’s PC without genuine authorization, runs its encryption code, and displays a pop-up demanding money in exchange for decrypting the files.

In the case of WannaCry, the payment is in Bitcoin, a cryptocurrency used as an alternative to real money. The current value of 1 BTC is $1904/-, which amounts to ₹1,25,000/- in Indian money. Anyone can have a Bitcoin wallet to mine, earn, transfer, receive, and trade money over the net, and there is no need to pay any taxes to the government. The fun part is that Bitcoin is LEGAL in most countries. What makes cryptocurrency unique is the blockchain mechanism of transaction. Mike Bullok explains the concept of blockchain in simple terms in a LinkedIn article; here is an extract of the same.

Block Chain as explained by Mike Bullok

Wait! They are all recorded and ledgered? Then what’s the catch here? Why is it hard to find the person? Well, only the blockchain method of transaction is transparent: anyone can view who has how much bitcoin and verify each and every transaction. But Bitcoin wallets are not associated with the identity of the person using them. So the money can be split into fractions and sent to thousands of accounts and used for multiple transactions, or spent completely on the Dark Web.

In simple terms, it is next to impossible to find the actual owner of a Bitcoin wallet unless and until he/she withdraws the money into real currency.

How much is the ransom?

0.15780 BTC / 300 USD / 20,000 INR. I would say that it’s a pretty good deal considering the fact that the affected computer was used by a person who has no common sense or was busy watching illegal content online. 200 USD for knowledge by experience is not a bad call. And they keep their word: around 22 lakh rupees have been received by the ransomware maker via Bitcoin, and there have been no reports of the promise not being kept.

Below is a conversation about ThunderCrypt, a previous version of WannaCry, that demanded money; but when the victim contacted the hacker and said they were unable to pay, the hacker decrypted the files just for a cup of coffee.

What impact on India?

MalwareTech’s Tracking Bot denoting infected regions

  • Mr. Ravi Shankar Prasad, Minister of Electronics and Information Technology, says that the ransomware virus had ‘Nearly Zero’ impact in India.
  • Close to 50,000 systems were detected to be infected by WannaCry in India alone, as reported by Quick Heal.
  • No, ATMs were not shut down due to the attack. It was a hoax.
  • TTD of Tirumala was affected on 30-odd PCs; good for them, they had backups and kept 100% uptime. No issues faced.
  • Only 4 government agencies have reported issues of ransomware.
  • Hundreds of affected customer PCs ran pirated software and so could not be reported officially. However, there was a hue and cry on social media about everyone who was affected.

Any solution?

There is a lot of talk about SMB server patches, which work much like a vaccine, but there is still no viable solution from anyone. However, a French security firm has created a tool called WannaKey, which tries to find the local decryption key on the infected PC; the tool has to be run before the infected PC has been restarted. There are still limitations, and Matt Suiche has a live blog running with all updates related to it. It is said to work fine with Windows XP to Windows 7.

What INDIA, as a government needs to learn from this attack?

Apart from constantly denying that any such cyber-attack, which happened on a global level, took place in India, the Indian Government should pay attention to the following aspects:

  • Invest in good infrastructure, such as RAID backups.
  • Use genuine software, and let the users work in a controlled environment.
  • Enforce employee monitoring software on employees to ensure that they are doing the work intended, and not browsing websites and inviting trouble in the form of viruses or adware. Furthermore, be strict on the Corporate Usage Policy, thereby limiting the risk of data theft or misuse.
  • It is about time the Cyber Law was updated and special courts were set up to deal with Cyber Crime cases.
  • The Indian Computer Emergency Response Team (CERT-In) needs to stay on top of this information and give us real data on the ongoing threat.
  • The Botnet Cleaning and Malware Analysis Centre, aka Cyber Swachhta Kendra, has been standing as a static page with references to generic information and nothing much else. I hope the MeitY truly works on this.
  • Reporting of a cyber-crime or cyber-incident should be made easy; the standard process of treating cyber-crime as a normal criminal offence and taking the physical route is highly inefficient.

What INDIA, as Indians should learn?

Fun Fact: 95% of the PCs hit by the WannaCry virus were infected from porn websites.

  • ‘Buy’ software if you really care about flexibility & security. Else, shift to a Linux-based environment.
  • Understand the common difference between a site’s pop-up and an advertisement pop-up. Try to be smarter and use an AdBlocker.
  • Don’t download everything that comes to you. Analyze whether it is a genuine attachment or a fake one.
  • Scan your PC with free antivirus tools such as Kaspersky, Quick Heal, or NOD32 once in a while to keep yourself safe.
  • Disable Autorun using third-party software like TweakUI.
  • Learn to download genuine software from authentic websites, and not from third-party sites, which bundle adware with the software and bloat your PC with unnecessary tools.

Sathya Narayanan Subramanian

Cyber Crime Advocate. Practicing in Madras High Court & District Court of Coimbatore.