WannaCry ransomware cyberattack fails to paralyse India; some businesses hit
A screenshot shows a WannaCry ransomware demand, provided by cyber security firm Symantec, in Mountain View, California, US on May 15, 2017.
Barring sporadic incidents in a few states, most institutions and industries across India continue to remain insulated from the effects of the ‘WannaCry’ ransomware cyberattack that has affected computers in approximately 100 countries worldwide. Banks, government departments and corporate houses have issued messages of caution and reinforced online security. However, business was unaffected as markets and offices opened on Monday after a weekend during which ripple effects of the malware were witnessed across the globe. For now, the RBI has asked banks to operationalize their ATM networks only after software updates are installed. The social network was abuzz with talk on Monday that ATMs in many places were not functional. However, bankers said this was likely because the machines had run out of cash. Corporate houses urged employees to back up their data and refrain from opening unfamiliar file attachments. “We are also urging all Windows users to install software upgrades and firewalls,” said the IT head of a media group. The broking and mutual fund industries were not affected by the malware attack, said top officials. “All exchange operations went on normally,” said Ashishkumar Chauhan, MD & CEO, BSE.
Among cities in which sporadic attacks were reported are Ahmedabad, Vadodara, Chennai and Kolkata. Dhananjay Dwivedi, secretary in the Gujarat government, said there were 120 incidents across the state. “However, there is no harm on government functioning,” he added. In Kerala, computers in panchayat offices in Wayanad and Pathanamthitta districts were affected. “The staff found Microsoft Word and MS Office files inaccessible,” said Thariyode panchayat president Reena Sunil. Meanwhile, the Oragadam, TN, factory of alliance partners Renault & Nissan restarted production on Monday after a disruption on Saturday. The attack had affected production of 1,200 vehicles. In Gorakhpur, UP, a motorcycle dealer was asked to pay $300 to access files on his PC in a pop-up on Saturday. Computers in at least three locations in West Bengal, including those of a power discom, also came under attack. “The disruption caused was local. It did not affect power distribution, customer data or commercial operations,” said West Bengal State Electricity Distribution Co Ltd MD Rajesh Pandey.
Vidarbha sizzles, Nagpur records hottest 2017 day
NAGPUR: Nagpur was the fourth-hottest in India on Monday at 46.2 degrees Celsius. Banda in Uttar Pradesh was hottest at 47 degrees Celsius followed by Khajuraho in Madhya Pradesh at 46.6 degrees Celsius. Brahmapuri in Vidarbha region recorded 46.5 degrees Celsius. Monday’s temperature in Nagpur was nearly two degrees more than that on Sunday. It was Nagpur’s highest this season. Though the day temperature soared in Nagpur, the minimum was 27.9 degrees Celsius, 3 degrees less than normal. The all-time high in May for Nagpur has been 47.9 degrees Celsius (May 23, 2013) and the second highest has been 47.8 degrees Celsius (1954). Wardha was third-hottest in Vidarbha at 45.5 degrees Celsius.
Crime graph dips, even snatchings and robberies down
NEW DELHI: Going by the numbers released by Delhi Police, crime seems to have declined in the first four months this year as compared to 2016. While murders and rapes, which are the prime indicators of the crime situation in the city, have dipped, even snatchings and robberies have gone south as well. Moreover, this is the first time in the last few years that vehicle thefts have gone down, though marginally. From 12,784 thefts reported between January and April in 2016, the figure stands at 12,666 in the corresponding period this year. While 164 murders were reported early last year, this year the number is 158 till April 30. This is a pleasant change as compared to the sudden spike in murders in the first two months of 2017. This year, 647 rapes and 1,110 molestation cases have been lodged as compared to 685 rapes and 1,443 molestations reported till April 30 last year. Snatching, the prime indicator of street crime, has also seen a fall from 3,378 in 2016 to 2,923 in 2017 in the first four months. The total number of heinous crimes has dipped from 3,071 to 2,131. Even the roads seem safer as 433 fatal incidents have been reported this year as compared to 528 cases reported till April 30, 2016. Robberies have seen a dramatic fall from 1,959 to 1,081 and dacoities have fallen from 17 to 14. Kidnapping for ransom has dipped from 9 to 6 in the first four months.
Officers attribute the dip in crime to several factors, including enhanced patrolling and a more visible police force on the streets. Another major contributing factor, officers said, is police commissioner Amulya Patnaik’s engagement with all ranks of the force. Be it special commissioners or beat constables, the top cop has ensured that he reaches out to everyone. Patnaik also showed a rare gesture by meeting beat cops, the backbone of the force, in south Delhi two weeks ago. Apart from lauding the efforts of officers, Patnaik has fixed accountability for lapses as well. With zero tolerance on corruption, the police chief has ensured that all supervisory officers are held responsible for their respective jurisdictions. Special commissioners (law and order) and joint commissioners of all ranges have been asked to engage in on-the-ground policing. This precedent has clearly reflected in the crime figures. Patnaik now wants to make public transport safer for women after dark. He said that monitoring systems would be set up to keep a check on drivers of public service vehicles. It would be the force’s priority to ensure safety of women who usually travel alone.
Ransomware attack: Karnataka banks, ATMs stay insulated
BENGALURU: Precautionary measures like installation of the latest antivirus patches and adherence to advisories from the ministry of electronics and information technology have helped Karnataka banks stay insulated from WannaCry, the ransomware that has caused havoc since Friday. Bank staff worked overtime on Saturday and Sunday to secure their systems. Even ATMs remained unaffected. “We were quick to respond. As soon as we received the alert, we decided to work over the weekend. As a result, business at bank branches and ATMs in the state remained normal on Monday,” MM Chiniwar, general manager of Canara Bank, Bengaluru Circle, told TOI. The Computer Emergency Response Team of India (CERT-In), a nodal agency, issued a critical alert on Sunday to all organizations, including banks, asking them to take precautionary measures against the ransomware.
The ransomware has taken over thousands of systems across the world — locking them down and demanding a ‘ransom’. Systems using Windows XP have been the worst affected. As the malware was expected to encrypt the hard disk of a computer before spreading to other systems on the local area network (LAN), banks were asked to install the latest antivirus patches. A senior official in the IT department of State Bank of India said the antivirus was centrally installed in the bank’s headquarters in Mumbai and all 3,300 ATMs in Karnataka were safe. However, some of the ATMs are not dispensing cash, thanks to the shortage of supply, which has nothing to do with the malware, officials said.
Derailment of Yercaud Express throws traffic out of gear on Chennai section
VELLORE: Several express and passenger trains have been running late along Chennai section after the Yercaud Express derailed near Arakkonam Railway Station during the intervening night of Sunday and Monday. It added to woes of the public who chose to use the train services after the trade unions of Tamil Nadu State Transport Corporation launched an indefinite strike demanding wage revision and settlement. Officials of the Southern Railways said the engine and three coaches (a sleeper coach and two unreserved coaches) of the Erode-bound Yercaud Express derailed near the Arakkonam Railway Station at 12.02 am on Monday. Since then, the traffic along the line was hit badly. The accident took place when the train approached Arakkonam home signal, just 100 metres before the railway station. The loco pilot applied emergency brake and stopped. The loco pilot then started the train and it derailed just before the station. Since the train was moving slowly, a major accident was averted. Passengers escaped without injuries, according to a release from the Southern Railway. The officials detached the other coaches from the derailed engine and three other coaches. It resumed journey with a new loco at about 5.05 am from Arakkonam station.
The early morning trains plying between Chennai and Bengaluru, Mangalore, Erode and other destinations have been delayed by more than three hours. “We have removed the coaches and commenced clearing the loco by 2.30 pm. Since the derailment disrupted traffic on the line, other express and passenger trains bound to Bengaluru, Coimbatore and other areas were detained at various places for more than two to three hours,” said an official. Brindavan Express (train no. 12639) was running late by five hours. It was scheduled to pass through Arakkonam Station within 1.10 hours after starting at 7.50 am at Chennai Central Railway Station. More than 15 trains bound to Chennai since early morning had also been delayed by more than an hour. General Secretary of Arakkonam Rail Passengers Association J K Ragunathan said all the 70 electric multiple unit trains plying between Chennai and Arakkonam Stations have been cancelled, putting the regular commuters to hardship. He also charged that the railway officials and employees commenced work to remove the derailed engine and coaches two hours after the incident. They have also failed to provide basic amenities to the railway passengers who were stranded in the railway station for over four hours.
An alert researcher, teamwork helped stem huge cyberattack
LONDON: The cyberattack that spread malicious software around the world, shutting down networks at hospitals, banks and government agencies, was thwarted by a young British researcher and an inexpensive domain registration, with help from another 20-something security engineer in the U.S. Britain’s National Cyber Security Center and others were hailing the cybersecurity researcher, a 22-year-old identified online only as MalwareTech, who — unintentionally at first — discovered a so-called “kill switch” that halted the unprecedented outbreak. By then the “ransomware” attack had crippled Britain’s hospital network and computer systems in several countries in an effort to extort money from computer users. But the researcher’s actions may have saved companies and governments millions of dollars and slowed the outbreak before computers in the US were more widely affected. MalwareTech is part of a large global cybersecurity community, working independently or for security companies, who are constantly watching for attacks and working together to stop or prevent them, often sharing information via Twitter. It’s not uncommon for them to use aliases, either to protect themselves from retaliatory attacks or for privacy.
In a blog post Saturday, MalwareTech explained he returned from lunch with a friend on Friday and learned that networks across Britain’s health system had been hit by ransomware, tipping him off that “this was something big”. He began analyzing a sample of the malicious software and noticed its code included a hidden web address that wasn’t registered. He said he “promptly” registered the domain, something he regularly does to try to discover ways to track or stop malicious software. Across an ocean, Darien Huss, a 28-year-old research engineer for the cybersecurity firm Proofpoint, was doing his own analysis. The western Michigan resident said he noticed the authors of the malware had left in a feature known as a kill switch. Huss took a screen shot of his discovery and shared it on Twitter. Soon he and MalwareTech were communicating about what they’d found: that registering the domain name and redirecting the attacks to MalwareTech’s server had activated the kill switch, halting the ransomware’s infections. Huss and others were calling MalwareTech a hero on Saturday, with Huss adding that the global cybersecurity community was working “as a team” to stop the infections from spreading. “I think the security industry as a whole should be considered heroes,” he said.
But he also said he’s concerned the authors of the malware could re-release it without a kill switch or with a better one, or that copycats could mimic the attack. “I think it is concerning that we could definitely see a similar attack occur, maybe in the next 24 to 48 hours or maybe in the next week or two,” Huss said. “It could be very possible”. Who perpetrated this wave of attacks remains unknown. Two security firms — Kaspersky Lab and Avast — said they identified the malicious software in more than 70 countries. Both said Russia was hit hardest. These hackers “have caused enormous amounts of disruption — probably the biggest ransomware cyberattack in history,” said Graham Cluley, a veteran of the anti-virus industry in Oxford, England. This is already believed to be the biggest online extortion attack ever recorded, disrupting services in nations as diverse as the US, Russia, Ukraine, Brazil, Spain and India. Europol, the European Union’s police agency, said the onslaught was at “an unprecedented level and will require a complex international investigation to identify the culprits”. In Russia, government agencies insisted that all attacks had been resolved. Russian Interior Ministry, which runs the national police, said the problem had been “localized” with no information compromised. Russia’s health ministry said its attacks were “effectively repelled”. The ransomware exploits a vulnerability in Microsoft Windows that was purportedly identified by the U.S. National Security Agency for its own intelligence-gathering purposes. Hackers said they stole the tools from the NSA and dumped them on the internet.
China hit by cyber virus, Europe warns of more attacks
The WannaCry “ransomware” cyber-attack hobbled Chinese traffic police and schools on Monday as it rolled into Asia for the new work week, while authorities in Europe said they were trying to prevent hackers from spreading new versions of the virus. In Britain, where the virus first raised global alarm when it caused hospitals to divert ambulances on Friday, it gained traction as a political issue just weeks before a general election. The opposition Labour Party accused the Conservative government of leaving the National Health Service vulnerable. Shares in firms that provide cyber security services rose with the prospect that companies and governments would have to spend more money on defenses. Some victims were ignoring official advice and paying the $300 ransom demanded by the cyber criminals to unlock their computers, which was due to double to $600 on Monday for computers hit by Friday’s first wave. Brian Lord, managing director of cyber and technology at cyber security firm PGI, said victims had told him the hackers offered good service, with helpful advice on how to pay: “One customer said they actually forgot they were being robbed”. But the hackers do not appear so far to have been well rewarded: only about $50,000 has been transferred to their online wallets so far, according to Elliptic Labs which tracks transactions using the internet currency bitcoin.
Although the virus’s spread was curbed over the weekend in most of the world, France, where carmaker Renault was among the world’s highest profile victims, said more attacks were likely. “We should expect similar attacks regularly in the coming days and weeks,” said Guillaume Poupard, head of French government cyber security agency ANSSI. “Attackers update their software … other attackers will learn from the method and will carry out attacks”. Companies and governments spent the weekend upgrading software to limit the spread of the virus. Monday was the first big test for Asia, where offices had already mostly been closed for the weekend before the attack first arrived. British media were hailing as a hero a 22-year-old computer security whiz who appeared to have helped stop the attack from spreading by discovering a “kill switch” – an internet address which halted the virus when activated.
SPREAD SLOWING: China appeared over the weekend to have been particularly vulnerable, raising worries about how well the world’s second largest economy would cope when it opened for business on Monday. However, officials and security firms said the spread was starting to slow. “The growth rate of infected institutions on Monday has slowed significantly compared to the previous two days,” said Chinese Internet Security Company Qihoo 360. “Previous concerns of a wide-scale infection of domestic institutions did not eventuate”. Qihoo had previously said the attack had infected close to 30,000 organizations by Saturday evening, more than 4,000 of which were educational institutions. Yang Lin, a journalism student at China’s Zhejiang University of Media and Communications, told Reuters she had lost her work from four years of study. She had just finished revising her thesis late on Friday when her screen went black and the hackers’ message appeared. “I was connected to the university network. I didn’t open any link,” she said. “I just cried. I was afraid to believe it, but had to accept it”. The virus hit computers running older versions of Microsoft software that had not been recently updated. Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks.
In a blog post on Sunday, Microsoft President Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: the attack made use of a hacking tool built by the U.S. National Security Agency and leaked online. Russian President Vladimir Putin, noting the technology’s link to the U.S. spy service, said it should be “discussed immediately on a serious political level”. “Once they’re let out of the lamp, genies of this kind, especially those created by intelligence services, can later do damage to their authors and creators,” he said. Infected computers appear to largely be out-of-date devices that organizations deemed not worth the price of upgrading. Some have also been machines involved in manufacturing or hospital functions, difficult to patch without disrupting operations. “The government’s response has been chaotic, to be frank,” the British Labour Party’s health spokesman Jon Ashworth said. “They’ve complacently dismissed warnings which experts, we now understand, have made in recent weeks”. “The truth is, if you’re going to cut infrastructure budgets and if you’re not going to allow the NHS to invest in upgrading its IT, then you are going to leave hospitals wide open to this sort of attack”. Britain’s National Health Service (NHS) is the world’s fifth largest employer after the U.S. and Chinese militaries, Walmart and McDonald’s. The government says that under a previous Labour administration the trusts that run local hospitals were given responsibility to manage their own computer systems.
WARNINGS GIVEN: Asked if the government had ignored warnings over the NHS being at risk from cyber-attack, Prime Minister Theresa May told Sky News: “No. It was clear [that] warnings were given to hospital trusts”. An official from Cybersecurity Administration China (CAC) told local media on Monday that while the ransomware was still spreading and had affected industry and government computer systems, the spread was slowing. Chinese government bodies from transport, social security, industry watchdogs and immigration said they had suspended services ranging from processing applications to traffic crime enforcement. It was not immediately clear whether those services were suspended due to attacks, or for emergency patching to prevent infection. “If a system supports some kind of critical processes those systems typically are very hard to patch … We don’t have a precedent for something of this scale (in China),” said Marin Ivezic, a cybersecurity expert at PwC in Hong Kong. Affected bodies included a social security department in the city of Changsha, the exit-entry bureau in Dalian, a housing fund in Zhuhai and an industry watchdog in Xuzhou. Energy giant PetroChina said payment systems at some of its petrol stations were hit, although it had been able to restore most of the systems.
Elsewhere in Asia, the impact seems to have been more limited. Japan’s National Police Agency reported two breaches of computers in the country on Sunday – one at a hospital and the other case involving a private person – but no loss of funds. Industrial conglomerate Hitachi Ltd. said the attack had affected its systems at some point over the weekend, leaving them unable to receive and send e-mails or open attachments in some cases. In India, the government said it had only received a few reports of attacks on systems and urged those hit not to pay attackers any ransom. No major Indian corporations reported disruptions to operations. At Indonesia’s biggest cancer hospital, Dharmais Hospital in Jakarta, around 100-200 people packed waiting rooms after the institution was hit by cyber-attacks affecting scores of computers. By late morning, some people were still filling out forms manually, but the hospital said 70 percent of systems were back online. South Korea’s presidential Blue House office said nine cases of ransomware were found in the country, but did not provide details on where the cyber-attacks were discovered. A coal port in New Zealand shut temporarily to upgrade its systems.