Ransomware Attack Cripples Computers Worldwide, Even of The Andhra Pradesh Police

Update: The IT Ministry is holding a webcast today at 11 AM about the ransomware attacks & dispel awareness. The webcast on ‘Prevention of WannaCry Ransomware Threat’ will be delivered by CERT-In at http://webcast.gov.in/cert-in/

Europe, Latin America, parts of Asia and FedEx in US have recently fallen prey to a malware attack. The attack is only one of the most recent cases of ransomware attacks where hackers deliver files to automatically encrypt data and make the system unusable until a ransom is paid. The Andhra Pradesh police has also fallen prey to this attack, leaving 25% of their network non-functional.

Police networks in Chittoor, Vizianagaram, Guntur, Vishakhapatnam and Srikakulam districts are down and non-operational. Computers all over India have been affected since today morning. Reports state that a network in Hyderabad has also been hacked.

Dozens of computers were disabled over the world yesterday using a software flaw that was once part of the National Security Agency (NSA) toolkit. Chaos was created online with machines worldwide halting operations, even at the Russian Interior Ministry, Spanish telecommunications giant Telefónica and Britain’s National Health Services (NHS). Even medical procedures at hospitals were interrupted.

While the ransomware hit most of the world, the attack wasn’t reportedly targeted at NHS. The international attack has affected various countries and organisations. The ransomware attack has also managed to dig up the debate is agencies like the NSA should be allowed to collect and use software flaws for espionage instead of alerting the companies to fix these flaws.

NSA previously found a flaw in the Microsoft software, making the hack possible. The agency had then reported the flaw to the company after a security breach had occurred in August. Microsoft has since then fixed the flaw but a group calling itself the ‘Shadow Brokers’ released the details publicly online in April. But the system admins have reportedly applied the patch inconsistently, leaving some systems vulnerable, especially on system running on Microsoft or those with outdated operating systems.

It is unclear who is behind the attacks that have taken place now, but the first known time a hacker group had used the NSA tools was Shadow Brokers. The speed and scale of the malware attack has reportedly startled experts. This is the first instance of such a large-scale international attack. The Shadow Brokers had previously begun to release the entire library of NSA’s powerful hacking tools in August. The releases continued on for a very long time.

The ransomware malware arrived to multiple computers via phising e-mails. The malware continued to spread to other systems on the network once the e-mail was opened. In some cases, the malware was sent to spam mails. The spread of the ransomware can be credited to the special digital code developed by the NSA to allow movement from one unpatched system to another. The malware now has a chance of spreading from these large networks to single users.

The program that was used is called ‘Wanna Decrypt0r 2.0’ and it supports 28 languages. Microsoft released a statement saying they have taken further steps to protect systems against this malware. They had provided a security update in March against the same and those running their free anti-virus programme with the Windows Update enabled are protected.

Moscow-based Kaspersky Lab has detected more than 45,000 attacks of WannaCry ransomware in 74 countries around the world, but mostly in Russia. The actual number of this attack could be much higher. Czech Republic’s Avast states that this ransomware locks computers and sends a ransom note via a text file. The note sent by WannaCry asks for $300 worth bitcoin as digital currency is much difficult to track. The ransom note even states – “Don’t worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users.”

Stay tuned to know how to protect yourself from a ransomware attack.

Information Credit: Telugu 360, NDTV