By now there's a good chance that you've already heard something about the WannaCry ransomware, and are wondering what's going on, and whether your computer is secure. CERT-In India has issued a red alert about WannaCry, or WannaCrypt, in an advisory.
But what is WannaCry ransomware? Is it a virus, and do you need a patch? Here's everything that you need to know about the cyber-attacks, in one simple list.
- WannaCry is a ransomware program targeting Microsoft's Windows operating system. Ransomware is a kind of cyber-attack where hackers can take control of your computer, and keep you from using it or accessing your data until you make a payment to the hackers. If you don't, they can even delete everything.
- On Friday, a large-scale cyber-attack was launched, affecting computers in 150 countries, and in less than a day, researchers observed 57,000 infections.
- The hackers demanded payments of $300 to $600 (roughly Rs. 19,000 and Rs. 38,000) which were to be paid using Bitcoins. The British NHS, international shipper FedEx, telecommunications company Telefonica and others were among the targets.
- In India, computers at Andhra Pradesh's police departments were hacked. Computers in 18 police units in Chittoor, Krishna, Guntur, Visakhatpatnam and Srikakulam districts were affected.
- R Jaya Lakshmi, Superintendent of Police, Tirupati Urban, said the 'ransomware' encrypted data in some police stations, adding that they were not able to access data and hackers were demanding ransom in Bitcoins to restore access.
- India's digital security agency, CERT-In has issued a red alert, and advised users and organisations to apply patches to Windows. It added that WannaCry was targeting common file extensions such as PPT, DOC, and TIFF, along with media files such as MP4 and MKV files, and on Monday at 11am is holding a webcast on preventing the WannaCry ransomware threat.
- According to a report, enterprises in Mumbai, Hyderabad, Bengaluru, and Chennai have been affected. Two South Indian banks are also reportedly affected, and possibly also Renault in Chennai, the report noted.
- The IT ministry has also reached out to agencies such as the RBI, the NPCI, and UIDAI, to warn them about the risks associated with WannaCry, and help to secure their systems, in order to make sure that digital payments in India are not affected, reported PTI.
- The ministry has also reached out to ISPs, alerting them to secure their networks, and it has also reached out to Microsoft India to inform all its partners and customers to apply the relevant patches. "The impact has been somewhat contained in India because of the weekend. However, one will have to watch the situation as people return to work tomorrow and access their computers," Kaspersky Lab Head for South Asia Region Altaf Halde told PTI.
- China's official news agency Xinhua said secondary schools and universities were hit, but did not say how many or identify them. William Saito, cyber security adviser to the Japanese cabinet and trade ministry, said some of the country's institutions were affected but declined to elaborate. Two hospitals in Jakarta were hit, according to Semuel Pangerapan, a director general at Indonesia's Communication and Information Ministry. South Korea's Yonhap news agency said one of Seoul's university hospitals had been affected.
- The hackers likely made WannaCry using a piece of NSA code released last month by a hacking group known as the Shadow Brokers, according to security researchers. The Shadow Brokers released Eternal Blue as part of a trove of hacking tools that they said belonged to the US spy agency.
- The attack has crippled more than 200,000 computers, and struck banks, hospitals, and government agencies. All this took place over the weekend - the number of affected users is expected to grow now that the work week has begun, and people start logging into their devices.
- Brad Smith, Microsoft's president and chief legal officer, said in a blog post Sunday that it was in fact the NSA that developed the code being used in the attack. He warned governments against stockpiling such vulnerabilities and said instead they should report them to manufacturers - not sell, store or exploit them, lest they fall into the wrong hands.
- Infected computers appear to largely be out-of-date devices that organisations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too difficult to patch without possibly disrupting crucial operations, security experts said.
- Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.
written with agency inputs