Govt: No major security breach due to malware

New Delhi: The Centre, on Monday, said that there has been no report of a major br-each in security due to ransomware “Wann-aCry” except for some isolated incidents, even as there were reports that “WannaCry” was slowing down. However, experts are on high alert fearing second round of ransomware cyber attacks.

“There is no major impact in India unlike other countries. We are keeping a close watch. As per the information received so far, there have been isolated incidents in limited areas in Kerala and Andhra Pradesh,” said IT minister Ravi Shankar Prasad. He said the systems run by the National Informatics Centre were secured and running smoothly and a cyber coordination centre will start operating from next month to take precautions against such attacks.

On reports of networks of a few banks being compromised, the minister said he had no such information.

Separately, some reports said that ransomware had infected 10 standalone computers of West Bengal state electricity distribution company. Computers in two panchayat offices in Kerala were disabled by the ransomware, but no major damage was caused.  

Ministry of electronics and information technology secretary Aruna Sundararajan told a news agency the government was constantly monitoring the situation and that a few stand-alone computers of a police department were “back in action” after being infected over the weekend.

“India’s National Informatics Centre, which builds and manages almost all government websites, and the Centre for Development of Advanced Computing, a premier research institute that has built supercomputers, have actively installed patches to immunise their Windows systems,” she said.

India is on high alert, monitoring critical networks across sectors like banking, telecom, power and aviation to ensure that systems are protected against the attack that has claimed victims in more than 150 countries over the weekend.

RBI has asked banks to follow the instructions of government organisation CERT-In to prevent the attack by ransomware, ‘WannaCry’. RBI also asked all banks to put in place a software update at ATMs to prevent their systems from a malware that has attacked payment systems across the world.

Central transmission utility Power Grid said it has put sufficient firewalls to deal with the attack and consumers need not fear sudden outages on that account. Power Grid’s top brass deliberated on the strategy to deal with the ransomware. “Since the Power Grid operations are information technology based, the issue was discussed in detail at a meeting of board members chaired by Chairman and Managing Director I S Jha this morning,” a senior official said. Telecom companies were also on high alert to deal with any situation.

Centre has advised all those who are working in strategic and sensitive fields to use stand-alone computers sans internet to store data and critical information. The advisory has been sent to all those who handle sensitive desks in the ministries of home, finance, defence, external affairs and security agencies as a precautionary measure.

“It’s more of panic situation been built-up..... We have seen customers calling us just to see if the controls are in place. There have been some cases reported, but the number is not significant. Our support lines are jammed, and the team has been working overtime through the weekend,” said Sharda Tickoo, Technical Head at antivirus company Trend Micro, India. She said that there has already been another variant of the ransomware out yesterday, which does not have a ‘kill switch’, making it difficult to contain. “As we speak, it has already started infecting countries in UK and Europe, and has not yet spread to India. What is needed is that organizations have a basic hygiene in place, as the modus operandi of these attacks is through phishing emails,”she added.

Ransomware ‘WannaCry’ has impacted 2 lakh victims in over 150 countries.  After taking computers over, the virus displayed messages demanding a payment of 300 dollars in virtual currency Bitcoin to unlock files and return them to the user.

WannaCry ransomware targets and encrypts 176 file types. Some of the file types WannaCry targets are database, multimedia and archive files, as well as Office documents. In its ransom note, which supports 27 languages, it initially demands $300 worth of Bitcoins from its victims—an amount that increases incrementally after a certain time limit. The victim is also given a seven-day limit before the affected files are deleted—a commonly used fear-mongering tactic.