Cybersecurity professionals worked round the clock over the weekend, trying to protect corporate clients against what experts are calling the biggest ransomware attack ever, before they open for business Monday morning.
Cyber security firms told ET that though the impact on India from the WannaCry onslaught has been relatively minimal so far, the real test will be on Monday when scores of professionals switch on their work systems.
A malicious piece of software that blocks access to computers until money is paid, ransomware WannaCry is said to have swamped machines in over 150 countries, including India. The hackers, who go by the name Shadow Brokers, are demanding $300 in virtual currency Bitcoin to unblock access to a user's files and had reportedly received over $25,000 till Saturday morning.
India is among the most vulnerable because a large number of organisations and individuals still rely on older, outdated versions of the Windows operating system. The country also has the highest number of pirated software users.
So far, those impacted include systems of the Andhra Pradesh Police, four manufacturing companies, two retailers, the India operations of a multinational, two banks and the Chennai facility of an automaker, according to reports.
Burgess Cooper, partner, cyber security, at audit and consultancy firm EY, told ET the real impact in India had not been felt yet. First intimations of the attack came in the UK on Friday afternoon local time, by which time the weekend had begun in India. "On Monday morning you could see more activity when people come into work," he said.
Sivarama Krishnan, executive director at PwC, said his team had been working through the weekend, alerting more than 2,000 clients and helping them identify and block threats using firewalls. The root is said to be a vulnerability in Microsoft Windows that was exploited by the hackers.
Microsoft did release a patch to fix the issue in mid-March, so organisations and individuals who did not update their systems are at risk.
Cooper said the worst hit are organisations that don't have security "hygiene" in place. "Manufacturing units, healthcare or pharma, energy and utility companies systems designed earlier not to connect to the Internet but are now connected will be highly impacted," he said. Equally vulnerable will be government establishments, he added.
Krishnan said that while financial institutions, telcos and large corporates that have stringent security practices will be safe, their branch networks in far-flung areas or small and medium businesses may be hit. "There is impact in India and it is not just a handful of organisations, it is much more than that," said Shree Parthasarathy, partner, Deloitte.
He said this was a wakeup call for organisations not investing enough in security since attacks will get more severe in the future. Experts did not divulge names of the organisations that have been hit.
Aruna Sundararajan, secretary, ministry of electronics and information technology (MeitY), said the government had initiated contact with relevant stakeholders in public and private sector to patch systems as prescribed in the advisory issued by the Indian Computer Emergency Response Team (CERT-In).
These include the National Informatics Centre (NIC) for all central and state government systems; Reserve Bank of India, National Payments Corporation of India and Unique Identification Authority of India for protection of the digital payments ecosystem; the Department of Telecommunications to alert Internet service providers for security of the telecommunications network; and Data Security Council of India and Centre for Development of Advanced Computing to circulate advisories to their constituencies so as to cover the industry and users in India, primarily in private sector.
CERT-In has informed all chief information security officers regarding the ransomware and an advisory has been issued. MeitY has also asked Microsoft India to inform all its partners and customers to apply the relevant patches.
Amit Nath, head of Asia Pacific corporate business at F-Secure Corporation, said it was the biggest ransomware outbreak in terms of infections.
"Russia and India were hit particularly hard, largely because Microsoft's Windows XP, one of the operating systems most at risk, is still widely used in the countries." Ankush Johar, director at Human-Firewall.io, a phishing protection company, added that India will be among the top three worst-hit countries. "Phishing is at the heart of this ransomware attack. Humans are the weakest link in cyber security, and this ransomware attack proves that yet again," he said.
The global ransomware attack has reportedly hit the UK's National Health Service (NHS), Spanish telecom company Telefonica and government departments in Russia, Turkey, Germany, Vietnam, Spain and the Philippines. Trishneet Arora, CEO, TAC Security, said manufacturing companies in Mumbai, Gujarat and even jewellery manufacturing companies have reached out to him to safeguard their systems.
Fearing large-scale disruption on Monday, professional cyber security firms such as Arora's have been updating firewalls and trying to clean any possible malware infection before the week opens. The impact is said to be bigger than the Conficker attack in 2008 that hit 190 countries.
Akshat Kumar Jain, cofounder of Cyware, also said the risk of infection was high in India given poor individual cyber hygiene.
The government is planning a technical webcast on Monday, said Sundararajan. Details will be announced on MyGov and social media.
"The global reach is unprecedented. The latest count is over 200,000 victims in more than 150 countries, and those victims, many of those will be businesses, including large corporations," European Union police agency Europol's director Rob Wainwright said in a TV interview.
"At the moment, we are in the face of an escalating threat. The numbers are going up; I am worried about how the numbers will continue to grow when people go to work and turn (on) their machines on Monday morning."