Mumbai: ‘WannaCry,’ the ransomware creating panic globally, has made its presence felt in certain city-based companies too. While IT companies sent out emails after seeing traces of the ransomware on their networks, private hospitals including Jupiter in Thane and south Mumbai’s Jaslok were attacked by the malware, which prevents or limits users from accessing their files or systems and demands payment in cyber currency (‘bitcoins’) to restore access. In addition, many ATMs in the city were reported shut due to the malware, even as the RBI denied having issued an official advisory directing this.
According to experts, the ransomware, leaked out by cyber criminals demanding payment in Bitcoin to grant system access, first struck the city on Friday and has predominantly affected Microsoft’s Windows-based systems. D. Sawant, senior police inspector and an IT expert, said the ransomware has not had a major effect in Maharashtra.
Mr Sawant, who also heads the Cyber Lab in Thane police, explained, “We have already protected our Windows systems and upgraded them; simultaneously, we have been issued a circular across the department explaining the ransomware and the precautions. Microsoft too has released a patch to protect the newer Windows system.” Brijesh Singh, inspector general of police (cyber), said the Maharashtra state police had issued an advisory regarding the same. “The advisory is in the form of an infographic and tells people how to detect (it) if their system is attacked and what steps need to be taken if attacked,” he said.
A source in Maharashtra police said the cyber sleuths had asked the police department to update their systems. “While we can’t go and check each network, we have asked them to update their systems to avoid an attack,” the source said. Essential services like banks and hospitals faced issues on Friday, after their systems came under attack from the ransomware. An IT expert who helped get crippled hospital networks back on their feet said, “Some hospitals were among the few affected on Friday. Basic functions like data entry, patient updates could not be accessed and we took nearly five hours to update the systems.”
An employee with the IT department of a multinational bank, who did not wish to be named, said that they received an alert from Microsoft. “We applied the patch they sent and protected our system. We worked for eight hours to get the systems upgraded and sent mails to employees about precautionary measures,” he said. Meanwhile, messages stating that the Reserve Bank of India (RBI) had asked banks to shut down ATMs were refuted by the RBI spokesperson, Alpana Killawala. “We have not issued any circular on this matter. All banks’ ATMs are working,” the spokesperson said.
IT companies in the city hurried to send out emails to their employees on Friday asking them to update their systems. An email received by employees of a construction major stated, “The crippling WannaCry ransomware attack appeared to be showing on Friday evening on the company network... Kindly note that other locations and project site systems are affected with this virus and systems are damaged.”
Employees from Cisco and Juniper received similar emails but with a precautionary tone. The mail from Juniper, sent on Monday morning in fact, stated, “Juniper Networks’ SRX firewall did not allow the attack.”
For mobile devices
- Turn off applications (camera, audio/video players) and connections (Bluetooth, infrared, WiFi) when not in use. Keeping the connections ‘on’ may pose security issues and also drain the battery.
- Never allow unknown devices to connect through Bluetooth
- Never keep Bluetooth on continuously
- Never connect to unknown or untrusted networks
- Never keep sensitive information like username/password on mobile phones
- Never forward virus-affected data to other mobile phones
Protect your desktop/laptop
- Use genuine software and update your operating system
- Ensure that a good antivirus software is installed
- Keep secure backups of data or systems offline
- Back up data to an external drive
- Enable the ‘show hidden file extensions’ option
- Filter executable files (.EXE) in email
- Disable files running from AppData/LocalAppData folders
- Use the Cryptolocker Prevention Kit
- Disable RDP (Remote Desktop Protocol)
- Patch or update your software regularly
- Disconnect from WiFi or unplug from the network immediately if you find anything unusual on the computer
- Use System Restore to get back to a known-clean state
- Set the BIOS clock back immediately after a virus attack to restore your computer