Although some officials are downplaying the impact of the WannaCry ransomware outbreak in India, it apparently had a big, if not yet clearly defined, impact on some organizations. And even more important, the cyberattack could serve as a wake-up call, jolting the nation into taking cybersecurity more seriously. (See: Is WannaCry the First Nation-State Ransomware?)
But security sources tell me that about 102 systems at Andhra Pradesh police, Indian banks, manufacturing companies, research labs, colleges, fast-moving consumer goods companies, chartered accountants and in the hospitality industry were impacted.
And independent research by Quick Heal Technologies, a cybersecurity firm, shows that about 48,000 computers in India were infected with the ransomware WannaCry, with most incidents in West Bengal.
Many affected organizations and their managed service partners responded well to the ransomware outbreak, says the senior practitioner of a managed security service provider for large enterprises. Requesting anonymity, he reports that most of the firm's partners took action based on alerts and advisories from CERT and other sources.
"As we analyzed it wasn't a multi-vector attack, it was easy to provide updates and patches on the customer environment," he says.
India's Quick Response to WannaCry
It was good to see India's government agencies as well as organizations in various business sectors respond quickly to the ransomware outbreak. Hopefully, this is a sign of things to come.
For example, for the first time in CERT-In's history, it issued a red alert and offered a detailed webcast about how to protect systems and handle the crisis. (See: Ransomware: Will CERT-In Advisory Help Mitigate Risks?)
"We reached out to all customers across Asia Pacific and deployed additional resources and bandwidth in patching systems as required and upgrading Windows in a phased manner - all done over the weekend," the managed service partner says.
In addition, DSCI, RBI, Kerala Police and MeitY issued timely advisories on the ransomware and the action to take. Plus, the Reserve Bank of India directed all banks not to operate ATMs running Windows XP on their networks - many of the over 200,000 ATMs in the country run on that operating system - unless they are patched for the vulnerability (see: Wannacry Outbreak, Microsoft Issues Emergency XP Patch).
No security incident in memory has triggered so much prompt action. And that's a good sign.
Where Does the Road End?
Sahir Hidayatullah, CEO of SmokeScreen, points out that while the response to WannaCry was encouraging, India still has lots of work to do when it comes to cybersecurity.
"While all the press put the limelight on this attack and how it spread, no one's talking about how this might have been used in the past two months since it was uncovered to gain unauthorized access to some of these networks, which the attacks demonstrate were vulnerable," he says.
Some argue that because so many organizations in India use pirated - rather than licensed - software, the patch management techniques won't really have an impact and vulnerabilities aren't plugged (see: WannaCry Shows India Needs Better Incident Reporting).
Key steps that organizations need to take to help mitigate the threat of ransomware and other attacks include:
- Use the Cyber Swachhta Kendra government portal to get regular updates on how to clean up your system and technical audit support;
- Routinely report breaches so others can learn from the incidents;
- Establish email authentication with Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC) and DomainKeys Identified Mail (DKIM);
- Perform frequent technical security audits across all systems, not just audits focused on compliance.
Despite initial reports, India is still extremely vulnerable to WannaCry. The country still needs to develop a systematic approach to training experts to monitor cyber threats and send alerts. The government and corporations alike need to hire well-trained staff with good data compilation and analytical skills to help in the battle against attackers.