Critical infrastructure agencies including banks, airports, telecom networks and stock markets have been asked to take precautions to shield themselves against the crippling global ransomware attack ‘WannaCry’.
Over the weekend, the ransomware hit systems in over 100 countries, including Russia and the UK, in one of the most widespread cyber attacks in history. In India too, there have been reports of some systems of Andhra Pradesh Police being affected.
While India’s cyber security unit CERT-In is yet to receive a formal intimation of any major attacks, it has reached out to all government agencies and public utilities to stay alerted.
The IT Ministry said it has initiated contact with relevant stakeholders in public and private sector to advise them to patch their systems as per CERT-In’s advisory.
‘The stakeholders’ organisations include NIC for all government and state government systems, RBI, NPCI and UIDAI for the protection of digital payment ecosystem, DoT to alert the ISPs for the security of telecommunication network, Data Security Council of India (DSCI) and CDAC,’ it added.
It is also keeping a close watch on the developments on the ransomware and is working in close coordination with all relevant agencies, it said.
Indian Computer Emergency Response Team (CERT-In) Director General Sanjay Bahl said that advisories have already been issued to all Central and state government agencies.
Additionally, a list of do’s and don’ts have been shared with all vital installations and networks, including banks, ‘stock markets, airports, defense, power and public utilities. If people have already taken action and applied the software patch (issued by Microsoft), they need not worry… If they haven’t, they should apply it immediately,’ he told.
The malware infected computers running on older versions of Microsoft operating systems like XP, locking access to files on the computer. The cyber criminals have demanded a fee of about USD 300 in crypto-currencies like Bitcoin for unlocking the device.
Microsoft has introduced a security patch to tackle the situation. Consumers across the globe have been advised to download the solution at the earliest. The US-based software giant has also released updates for Windows XP, Windows 8, and Windows Server 2003.
Bahl maintained that no ‘major’ incidents have been brought to CERT-Ins notice yet, but was quick to add that a full assessment of the impact on the ground can be made only on Monday when people return to work after the weekend. The Andhra Pradesh systems were isolated PCs and not connected to larger networks, he said.
In Spain, major companies including telecommunications firm Telefonica have been infected. The most disruptive attacks were reported in the UK, where hospitals and clinics were forced to turn away patients after losing access to computers.
Reports suggest that over two lakh systems globally could have been infected by the malicious software. Experts fear the situation could further aggravate as a number of computers in India run on the older operating systems and have not been updated yet. EY Partner Cyber Security Burgess Cooper said Indian hospitals could be quite vulnerable to critical infrastructure attacks as they rely on industrial systems that run on old outdated hardware.
Also, the traditional manufacturing sector relies on outdated IT systems that are run on unsupported operating systems and therefore, the risk of creating havoc to the public is higher, he said.