In May last year, the world woke up to headlines of mass ransomware attacks impacting countries, individuals and organizations. Investigations identified WannaCry as the culprit, and in a significant number of cases this ransomware appeared to have proliferated through a route that most of us tend to overlook: the use of expired/pirated software. WannaCry exploited a vulnerability in a commonly used operating system to spread, which can pose a significant risk to businesses and individuals in India, considering the rampant use of expired and/or pirated software.
According to the BSA Global Software Survey 2016, about 58% of software in India is pirated and/or unlicensed. The world average, in comparison, is about 39%. Among organizations, it was found that globally about 25% of software used was unlicensed and this included heavily regulated industries like Banking and Securities. In the past, it has been estimated that at least 65% of victims of all targeted cybercrime attacks, including ransomware, have been small and medium organizations.
India’s experience with Ransomware
Most ransomware encrypts specific file types on an impacted system, and a ransom is demanded for the victim to regain access to these files. In some instances, built-in algorithms identify the files created most recently, and in others the files accessed most frequently. WannaCry is different because it moves across a network without human intervention, which is perhaps the reason for the ‘epidemic’-like environment it has created.
Prior to WannaCry, there have been several cases of ransomware attacks in India in recent times. Many have gone unreported, and in several cases the “ransom”, up to over 50 bitcoins, has been paid. The results have been mixed: in some instances, individuals have regained access to their encrypted files, and in others the files have remained encrypted despite ransom payment.
In our experience, a number of individuals, smaller businesses and perhaps some larger organizations in India continue to use versions of the affected operating system that are no longer supported by the publisher. As a result, any inherent vulnerabilities that were undiscovered or unaddressed at the time support was discontinued by the publisher may continue to exist. Inadequate IT support can also result in critical updates not being applied.
This is further complicated by people using pirated versions of antivirus software, where virus definitions are not updated and hence spyware and other forms of malware attacks go undetected.
The result? Loss of confidential data, increased exposure to further cyberattacks, and increased cost of battling a ransomware attack.
What can organizations do to prevent ransomware attacks?
Firstly, organizations need to address infrastructural issues. If a business can benefit from the use of technology, then it is important that cyber security is built into the infrastructure, as the cost of addressing a breach can end up being more expensive than investing in the right mechanisms to create a line of defense.
This includes purchasing and installing genuine operating systems and office applications, mechanisms to track the release and application of security updates, and internet security software. In addition, based on business context, measures such as spam filters, firewalls etc. can also be deployed.
Secondly, it is critical that businesses understand that people continue to be the weakest link in cybercrime. While WannaCry’s dependence on people to self-perpetuate is limited, most other malware, including ransomware, relies on user action to spread.
Employees and other individuals need to be more aware of the dangers that lurk in cyberspace: that no stranger in another country is going to pay you a million dollars, that attachments in emails that are .exe, .zip or .scr should generally not be clicked on without checking with the sender, and that one should be wary of emails from unknown addresses whether or not they have attachments or links. Caution should also be exercised while clicking on web links, especially those embedded in emails.
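The attachment and sender advice above can also be enforced by a check at the mail gateway. The following is an added example, not part of the original article: `review_message`, `build_sample`, the `known_senders` allow-list and the example.* addresses are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

RISKY_EXTENSIONS = {".exe", ".zip", ".scr"}  # the types named in the article


def review_message(raw: bytes, known_senders: set) -> list:
    """Return the reasons a message should be held for checking (empty = none)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    # Compare only the address, so a friendly display name cannot mask it.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender not in known_senders:
        findings.append(f"unknown sender: {sender or '(none)'}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        # Only the final extension counts: "invoice.pdf.exe" is an .exe.
        # Trailing dots and spaces are dropped before the check.
        ext = PurePosixPath(name.rstrip(". ")).suffix
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment: {name}")
    return findings


def build_sample(sender: str, filename: str) -> bytes:
    """Constructed test message with one small attachment (not real mail)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "accounts@example.org"
    m["Subject"] = "Invoice"
    m.set_content("Please see attached.")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    known = {"vendor@example.com"}  # assumed allow-list of usual correspondents
    samples = [("vendor@example.com", "report.pdf"),
               ("Vendor <vendor@example.com>", "Invoice.PDF.exe"),
               ("stranger@example.net", "photos.zip")]
    for sender, filename in samples:
        print(filename, "->", review_message(build_sample(sender, filename), known))
```

The check looks only at the attachment name and the sender address; it does not inspect what is inside a .zip archive, so a held message still needs the check with the sender that the article recommends.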
Thirdly, it is critical for businesses of all sizes to have a plan for backing up information residing on computer systems. While large organizations tend to invest in automated backup mechanisms, small organizations could do something simpler, such as backing up to external hard drives periodically. This would allow access to most files even if a user’s computer system is locked down due to a ransomware attack.
However, we believe that this action has resulted in cybercriminals being encouraged to repeat such attacks in the future. It is therefore recommended