Wannacry encrypts the hard disk drives of computers and demands $300 in bitcoins to decrypt them
A day after a global ransomware attack, the Indian computer emergency response team of the ministry of electronics and information technology has advised organisations to apply patches to Windows systems. The details of the patches, as stated in Microsoft security bulletin MS17-010, are publicly available.
Ransomware is malicious software which, when it comes into contact with a computer or network, encrypts the computer's hard disk drive, locks the user out and demands a ransom for decryption. In this case, ‘wannacry’ has demanded $300 in bitcoins. Reports claim that the attack seems to have taken place across 99 countries; the figure is approximate. European countries, however, are the worst hit.
“It has been reported that a new ransomware named Wannacry is spreading widely. Wannacry encrypts the files on the infected Windows systems. This ransomware spreads by using vulnerability in implementation of Server Message Block (SMB) in Windows systems. This exploit is named as ‘Eternalblue’,” said an advisory on ‘cert-in-org.in’.
The hacking tool seems to have been stolen from the National Security Agency of the US.
“On May 12, 2017… ransomware began spreading widely impacting a large number of organizations, particularly in Europe,” US-based security solutions company Symantec said on its portal. WannaCry, the cyber security firm said, has the ability to spread itself within corporate networks by exploiting a known vulnerability in Microsoft Windows. “Computers which do not have the latest Windows security updates applied are at risk of infection,” Symantec said.
According to officials at the electronics and IT ministry, no ‘wannacry’ cases have been reported so far. The government organisation is working on developing a ‘removal tool’ to detect the malware and clean the system with Quick Heal, and would soon be making it available on the cyberswachhtakendra.gov.in portal.
ICERT, the officials said, is also sharing a list of malicious IP addresses with all government organisations and facilities declared as ‘critical information infrastructure’. Microsoft had released a patch in mid-March for the Windows vulnerability currently being exploited by ‘wannacry’. Subsequently, ICERT had advised organisations to upgrade the Windows software with the given patch.
It is understood that this is not a targeted attack. “Ransomware campaigns are typically indiscriminate,” Symantec believes.
Kaspersky Lab, a Russian cyber security solutions provider, has found 45,000 ‘wannacry’ cases across countries including the UK, Russia, Ukraine, India, China, Italy, and Egypt. “In Spain, major companies including telecommunications firm Telefónica were infected. By Friday evening, the ransomware had spread to the United States and South America, though Europe and Russia remained the hardest hit, according to security researchers Malware Hunter Team. The Russian interior ministry says about 1,000 computers have been affected,” a Guardian report said.