
The biggest online extortion of today: Ransomware

May 15, 2017 | Expert Insights

On 12th May, a cyber-attack hit 150 countries, and it had affected approximately 200,000 computers as of 15th May. The hack is being called the biggest cyber-attack that has ever occurred and is ‘unique’ since the ransomware is being used in combination with a worm (WCry). This means that if a computer is infected by the malicious software, the infection can spread automatically to a number of other computers through a network.

How did the ransomware start?

It is believed that Shadow Brokers, a cyber-gang with possible connections to the Russian government, had initially released the malware in April, claiming that it was a tool being used by the US National Security Agency (NSA). The NSA had developed this weapon, Eternal Blue, to gain access to data of other governments and terrorist groups. The release of the tool was viewed as a possible retaliation for US air strikes in Syria.

Eternal Blue was then dumped by the Shadow Brokers and was taken over by another cybercrime group, which used the software to gain access to computers worldwide and released another software programme called WannaCry, WanaCrypt or WCry. This ransomware locks the system and encrypts the files, which can be accessed only on making an online payment using bitcoin. If the payment is not made within a week, the software threatens to delete the data captured. However, there is still no guarantee of getting back the files once the payment has been made. According to reports on 15th May, a sum of $38,000 has already been paid in ransom.

Microsoft had released a Windows security update in March to tackle the threat, but many users had yet to install it. Thus, installing the update now could also reduce the threat to those who haven’t yet been affected.

Global impact of the attack

Some of the first companies to have been affected were Spanish, with Telefonica, Gas Natural and others being hacked. The virus then spread to the National Health Service (NHS) of the UK, where massive amounts of data, including MRI and CT scans of patients, were encrypted, without which further treatment would not be possible. The Russian Interior Ministry confirmed that it had been severely hacked, as did companies such as FedEx, while Renault factories in France had to stop production. A number of Chinese universities were also affected.

In India, 18 police units in Andhra Pradesh were infected with the software initially, and by 14th May around 100 computers had been affected. However, Gulshan Rai, National Cyber Security Advisor of the Prime Minister, has stated that India is no longer under threat.

The hacker group had also acquired confidential data from Pakistan which the US government was monitoring. They had initially offered to auction the data in exchange for bitcoin, but when no buyer turned up, they released the data online.

Assessment

Since the NSA's tool relied on software vulnerabilities, it was an easy task for hackers to gain access to the data. Computers running Microsoft Windows have been severely infected by the malware, and hence it is important for governments to develop and invest more to secure their networks.

Taking the necessary facilities from private companies such as Microsoft was crucial in the matter.

In a world where all major activities take place through the internet, research and development in cyber security needs to be a top priority. It is necessary for all nations to provide cyber security to major institutions and industries so that confidential information in the country does not leak globally.