Ransomware – Beware!

May 30, 2017
By Lt. General P.C. Katoch (Retd)
Former Director General of Information Systems, Indian Army


WannaCry or WannaCry 2.0, the ransomware that struck some 150 countries globally last month, affected some 200,000 PCs worldwide. India was the third hardest hit country, with close to 50,000 PCs affected. Ransomware attacks are not new, but this time the scale was massive. The number of internet users worldwide is estimated at around 3.2 billion, and their number in India is set to exceed 450 million by end June 2017. So it is natural that ransomware attacks will increase in future. Not that cyber attacks and ransomware are a new phenomenon: the first major cyber attack was in 1982, causing the Siberian pipeline explosion. Gary McKinnon, a British national, breached numerous US government networks for 13 months in 2001-2002, including the NSA and the Pentagon, disrupting sensitive communications and causing damage worth hundreds of thousands of dollars. In October 2016, details of over 30 lakh debit cards from leading Indian banks were compromised and leaked from ATMs due to cyber attacks. In December 2016, the websites and databases of seven Indian missions in Africa and Europe were hacked and the data reportedly put online.

In January this year, 'Legion' claimed to have hacked the Twitter accounts of Rahul Gandhi and Vijay Mallya, also claiming that the Indian banking system and Paytm can be easily hacked. As for WannaCry, more than 45,000 attacks were recorded in countries including the UK, Russia, India, China, Ukraine, Italy, Egypt and Spain. The malware was put online on April 14 by a group called 'Shadow Brokers', who last year had claimed to have stolen a cache of "cyber weapons" from the US National Security Agency (NSA). Interestingly, Russia accused the US of the WannaCry / WannaCry 2.0 offensive, while Neel Mehta, an Indian-origin security researcher with Google, found evidence suggesting that North Korean hackers may have carried out the unprecedented ransomware cyberattack: some of the code used in the WannaCry software is nearly identical to code used by the North Korean hackers called 'Lazarus Group', who had hacked Sony Pictures Entertainment in 2014 and Bangladesh Central Bank in 2016. Advances in cyberwarfare may be gauged from the fact that, according to a recent WikiLeaks report, 85% of global smartphones have been weaponized by the CIA by using the Android operating system (OS) for spying, and that a surveillance technique called 'Weeping Angel' infiltrates smart TVs, transforming them into microphones. Ransomware is a type of malware that encrypts a user's data, then demands payment in exchange for unlocking the data. This attack used the malicious software WannaCry or WannaCry 2.0 to exploit a vulnerability in Windows. Microsoft had released a patch (a software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable. The ransomware demands that users pay $300 worth of the cryptocurrency Bitcoin to retrieve their files, though it warns that the "payment will be raised" after a certain amount of time. Translations of the ransom message in 28 languages are included. The malware spreads through email.

Pune-based company Quick Heal Technologies detected over 48,000 MS17-010 Shadow Broker hits from the WannaCry ransomware outbreak in India (West Bengal ranking at the top, with the most affected computers falling prey); about 60% of the WannaCry infiltration attempts were targeted at enterprise systems, while the remaining 40% were directed at individual customers of the security vendor. It is sheer luck that, despite antiquated systems, the damage was not much; however, the absence of a major hit does not mean that all systems are safe from future attacks.

Ransomware attacks worldwide rose 167 times in 2016 compared to 2015. The WannaCry or WannaCry 2.0 attacks are not the first of this type. Earlier, Britain's healthcare system, the National Health Service (NHS), was infected by a ransomware called 'Wanna Decryptor', which prevented patients from making any appointment while demanding a ransom to grant access to the system. As per FBI estimates, cyber criminals pocketed $1 billion in the USA alone through ransomware during 2016. A Los Angeles hospital reportedly paid $17,000 to ransomware hackers last year, after a cyber-attack locked doctors and nurses out of their computer system for days. At home, the Ganga Ram Hospital suffered a similar breach in March 2016, with three systems infected by malware called Cryptowall that encrypted all data and asked for two bitcoins (worth around $825 at the time) to decrypt it and unlock the systems. The system got infected after an employee downloaded a zipped file containing the malware from personal email. Two other machines connected to the system were also affected. Later, the hospital upgraded its systems to Windows 10, which saved it when the WannaCry cyber offensive came. The fact that 'WannaCry Ransomware' has infected more than 45,000 computers in India should make the government take serious note. Such vulnerabilities will grow exponentially with Digital India, where expanding connectivity is taking precedence over cyber security, the cost of the latter being a major factor. Security measures must be incorporated during the design phase of every computing system. There is an urgent need for: evaluating the security of computing systems and analysing their vulnerabilities; developing cross-domain security policies to prevent the spread of malware and subvert the hackers; and examining the vulnerabilities that arise from integrating legacy systems with state-of-the-art systems.

In order to protect the national critical infrastructure in India, as mandated in section 70A of the amended IT Act 2000, a National Critical Information Infrastructure Protection Centre (NCIIPC) has been set up, and a National Cyber Security Policy was rolled out in 2013. However, we need to get the risk to the national infrastructure assessed on a time-bound schedule in order to develop a clear policy of public-private partnership for combating such crimes. Additionally, the government should consider establishing a National IT Product Security Test Centre (NIPSTC), which should operate and maintain a National Evaluation and Certification Scheme for IT Security.

The need of the hour is:

  1. Develop a multi-level approach to security that can protect systems at different layers;
  2. Ensure prevention and detection of attacks, and recovery of systems from them, for digital security;
  3. Develop mechanisms for software authenticity and integrity;
  4. Launch pan-India initiatives for cyber literacy, safety and law enforcement policies to educate and integrate the common man.

Sure, there is no such thing as absolute cyber security, but that is no excuse for being lax. Prime Minister Narendra Modi changed the slogan from 'Look East' to 'Act East'. It would be prudent to switch from 'Digital India' to 'Secure Digital India' and execute the latter with all thoroughness.