Must Know: Ransomware attack
Know what not to do to protect yourself from the latest malware
May 12 will be remembered for one of the most widespread cyber-attacks, which hit two lakh victims globally in over 150 countries, including India. The attack was not sector-specific and hit government sites, healthcare and the usual IT/ITES. The outcome of the attack was no different from what most attackers seek: disruption and financial gain.
As the name suggests, ransomware is malware that prevents users from accessing their PCs by encrypting the data until a certain amount of money is paid as ransom to restore access. If the money is not paid by a certain date, the data will be lost forever. Even after paying the money, there is no guarantee that access will be restored. This malware usually spreads through e-mail attachments, infected programs and compromised websites.
A ransomware program may also be called a cryptovirus, cryptotrojan or cryptoworm. Many Indian companies were affected by the recent malware attacks. However, not everyone is aware that they were hit by this malware, as there is no law requiring disclosure of this kind of breach. Says Amit Jaju, Executive Director, Fraud Investigation & Dispute Services, EY India: “In India there are no laws where you are supposed to issue a press release to the government or to the general public saying that your bank or your company got breached, but in countries like the US and UK there are disclosure norms where you need to immediately disclose that you have been breached as your customer can at least safeguard their data.”
How to respond to a Ransomware attack?
The ransomware targets and encrypts 176 file types. Some of the file types WannaCry ransomware targets are database, multimedia and archive files, as well as Office documents. In its ransom note, which supports 27 languages, it initially demands USD 300 worth of Bitcoins from its victims, an amount that increases gradually after a certain time limit. The victim is also given a seven-day limit before the affected files are deleted, a commonly used fear-mongering tactic.
Trend Micro Incorporated, a global leader in cyber security solutions, has detected and monitored WannaCry since its emergence in the wild in April 2017. Says Sharda Tickoo, Technical Head at Trend Micro, India: “The ransomware exploits a vulnerability in the Server Message Block (SMB) server. Patching is critical for defending against attacks that exploit security flaws. A patch for this issue is available for Windows systems, including those no longer supported by Microsoft. When organisations can’t patch directly, using a virtual patch can help mitigate the threat.”
Deploying firewalls and intrusion detection and prevention systems can help reduce the spread of this threat. A security system that can proactively monitor attacks in the network also helps stop these threats to individuals, explains Sharda. Besides using an exploit to spread, WannaCry ransomware reportedly also uses spam as an entry point. Identifying red flags in socially engineered spam emails that contain system exploits helps. IT and system administrators should deploy security mechanisms that can protect endpoints from email-based malware.
India is seeing a huge surge in smartphone adoption, and with demonetisation it is expected to take off in the near future. Says Surendra Singh, Country Director, Forcepoint: “Users should download apps from legitimate app stores only. While malicious apps can find their way into legitimate app stores, it is less likely the apps are malicious, as both Google and Apple are always checking apps to help protect users. While installing the apps, check if the app is asking for permissions like access to contacts, text messages, stored passwords or credit card information. If suspicious, do a search about the developer.”
A report from the Internet and Mobile Association of India (IMAI) and market research firm IMRB International says the number of Internet users in India is expected to reach 450-465 million by June 2017, up by 4-8 per cent from 432 million in December 2016. Just as our interactions with others rely on trust and reputation, our online interactions should be no different. Reputable websites do not send emails from free webmail accounts or operate from obscure URLs. Always check URL links before clicking them and, if suspicious, go directly to the organisation’s website.