“When It Comes to Cyber-attacks, Geography is Not a Demarcating Boundary”

The entire world has now come up with precautionary measures to protect its digital assets from WannaCry ransomware attacks. The ransomware has attacked hundreds of countries so far in the last four days and is still spreading to others. Mr. Pradipto Chakrabarty, Regional Director, CompTIA India, talks about the current situation and its impact in India.

Q. What impact can an attack like this have on a service like Aadhaar?

A. It is scary to envisage such an attack on the UIDAI. Till now Aadhaar has been predominantly a non-linked service, which means that it contained mostly demographic information of citizens. However, Aadhaar is now being migrated towards being linked to bank accounts, income tax and other more sensitive resources. This makes it a huge threat surface for hackers to intrude. Imagine a situation when an intrusion happens through Aadhaar. Since the user’s bank account is linked with his Aadhaar number, the ransomware can potentially lock down the account and make it unusable unless a “ransom” is paid. As of now the current attack in Europe does not indicate its spread to individual services, but one can easily imagine the scale of destruction it can have if a similar incident happens with UIDAI.

Q. What is the risk on something as widespread as Aadhaar getting hijacked this way?

A. Aadhaar is now getting linked to an individual’s financial services such as bank account, Income Tax Department and PAN. As we move towards a cashless economy the volume of electronic usage will increase, and since Aadhaar is linked to your bank account, it is quite possible that in case we are not adequately prepared, the attack can access and lock our bank accounts. The sheer volume of Aadhaar numbers and their linked financial accounts is an indication of the tremendous risk that we run if such an incident attacks the Aadhaar system.

Q. What is a ransomware attack? And what is the damage it can do?

A. A ransomware attack is when malware, i.e. malicious software, is planted on the network and temporarily stalls users from accessing their systems till the time a specified amount of “ransom” is paid electronically. Usually the ransom demand is in the form of cryptocurrencies such as Bitcoin, whose transaction trail is virtually untraceable. Once the ransom is paid, the files and data are decrypted by the hacker. In most cases the lock down is done through Trojans which are planted into the network system as simple phishing or spam emails. A ransomware attack can potentially stop critical services from functioning, and therefore stakeholders have very low negotiation power, leading to them complying with the “ransom demand” immediately.

Q. What is the current ransomware all about?

A. The current ransomware attack is perhaps the largest, most widespread and contiguous malware attack in history. Hackers have used a flaw in Microsoft software to infiltrate unguarded systems. Microsoft had released a patch against this flaw in March, but many system administrators failed to patch all computers and the ones which were unpatched became vulnerable to this attack. This ransomware also has the ability to jump from one network to the other, prompting some cyber experts to coin a new term, “ransom worm”. Interestingly, this flaw was used by NSA (The National Security Agency of USA) to infiltrate computers across the world. However, NSA had reported this flaw to Microsoft, leading to the latter developing a patch for it. Hackers used vulnerable machines within networks of institutions such as NHS, UK (The National Health Services) to lock down electronic medical processes, leading to numerous problems.

Q. How vulnerable is India? Can this be extended to India?

A. When it comes to cyber-attacks, geography is not a demarcating boundary. Therefore, we are definitely vulnerable. It entirely depends on the hackers to evaluate their target zones depending on various parameters.

Q. What can be done as a safeguard? Does it need to be done at individual or govt. level?

A. The good news is that attacks of this type can be safeguarded against. The responsibility lies with both institutions as well as individuals. In the current case, it is very clear that the system administrators failed to secure all the systems on a network with the updated patch, leaving them vulnerable to the incident. The institutions or Government should have a very strong cyber security and cyber-defense strategy regarding their security posture. Cyber-defense capabilities, particularly, are a mandate as hacking has become extremely easy and pervasive and therefore, to defend the system becomes a mission-critical activity.

From an individual’s standpoint, we should firstly be aware of the fact that our digital devices definitely have a possibility of getting compromised. In terms of best practice, it is always advisable to keep our antivirus updated and look out for new patches that keep our software updated. Needless to say, downloading and accessing unauthorized software or websites should be a strict no-no for both personal devices as well as systems within enterprise networks.
