Ransomware kits on the dark web have allowed cybercriminals with little or no technical background to purchase inexpensive ransomware-as-a-service (RaaS) programs and launch attacks with very little effort. Attackers may use one of several different approaches to extort digital currency from their victims.
The global reach and considerable impact of the WannaCrypt (WannaCry/Wcry) ransomware is a wake-up call for organizations and governments around the world. This ongoing cyber threat will continue to adapt to take advantage of weaknesses in IT systems and procedures. New variants of this malware may cause even more damage if you do not act immediately. Pradipto Chakrabarty, Regional Director, CompTIA India, shares his views on the ransomware attack:
What impact can an attack like this have on a service like Aadhaar?
It is scary to envisage such an attack on the UIDAI. Till now Aadhaar has been predominantly a non-linked service, which means that it contained mostly demographic information of citizens. However, Aadhaar is now being migrated towards being linked to bank accounts, income tax and other more sensitive resources. This makes it a huge threat surface for hackers to intrude. Imagine a situation when an intrusion happens through Aadhaar. Since the user’s bank account is linked with his Aadhaar number, the ransomware can potentially lock down the account and make it unusable unless a “ransom” is paid. As of now the current attack in Europe does not indicate its spread to individual services, but one can easily imagine the scale of destruction it can have if a similar incident happens with UIDAI.
What is the risk on something as widespread as Aadhaar getting hijacked this way?
Aadhaar is now getting linked to an individual’s financial services such as bank accounts, the Income Tax Department and PAN. As we move towards a cashless economy the volume of electronic usage will increase, and since Aadhaar is linked to your bank account, it is quite possible that, in case we are not adequately prepared, the attack can access and lock our bank accounts. The sheer volume of Aadhaar numbers and their linked financial accounts is an indication of the tremendous risk that we run if such an incident affects the Aadhaar system.
What is a ransomware attack? And what is the damage it can do?
A ransomware attack is when malware, i.e. malicious software, is planted on the network and temporarily stops users from accessing their systems until a specified amount of “ransom” is paid electronically. Usually the ransom demand is in the form of cryptocurrencies such as Bitcoin, whose transaction trail is virtually untraceable. Once the ransom is paid, the files and data are decrypted by the hacker. In most cases the lockdown is done through Trojans which are planted into the network system through simple phishing or spam emails. A ransomware attack can potentially stop critical services from functioning, and therefore stakeholders have very low negotiating power, leading them to comply with the “ransom demand” immediately.
What is the current ransomware all about?
The current ransomware attack is perhaps the largest, most widespread and contagious malware attack in history. Hackers have used a flaw in Microsoft software to infiltrate unguarded systems. Microsoft had released a patch against this flaw in March, but many system administrators failed to patch all computers, and the ones which were unpatched became vulnerable to this attack. This ransomware also has the ability to jump from one network to another, prompting some cyber experts to coin a new term, “ransom worm”. Interestingly, this flaw was used by the NSA (the National Security Agency of the USA) to infiltrate computers across the world. However, the NSA had reported this flaw to Microsoft, leading to the latter developing a patch for it. Hackers used vulnerable machines within the networks of institutions such as the NHS, UK (the National Health Service) to lock down electronic medical processes, leading to numerous problems.
How vulnerable is India? Can this be extended to India?
When it comes to cyber-attacks, geography is not a demarcating boundary. Therefore we are definitely vulnerable. It entirely depends on the hackers to evaluate their target zones depending on various parameters.
What can be done as a safeguard? Does it need to be done at individual or govt level?
The good news is that attacks of this type can be safeguarded against. The responsibility lies with both institutions as well as individuals. In the current case, it is very clear that the system administrators failed to secure all the systems on a network with the updated patch, leaving them vulnerable to the incident. Institutions or the Government should have a very strong cyber security and cyber-defense strategy regarding their security posture. Cyber-defense capabilities in particular are a mandate, as hacking has become extremely easy and pervasive, and therefore defending the system becomes a mission-critical activity.
From an individual’s standpoint, we should firstly be aware of the fact that our digital device definitely has a possibility of getting compromised. In terms of best practice, it is always advisable to keep our antivirus updated and look out for new patches that keep our software updated. Needless to say, downloading and accessing unauthorized software or websites should be a strict no-no for both personal devices as well as systems within enterprise networks.