The Computer Emergency Response Team of India (CERT-In), the nodal agency to combat hacking and phishing and to fortify security-related defences of the Indian Internet domain, issued a red-coloured ‘critical alert’ on Saturday.
“It has been reported that a new ransomware named as WannaCry is spreading widely. WannaCry encrypts the files on infected Windows systems. This ransomware spreads by using a vulnerability in implementations of server message block (SMB) in Windows systems.
“This exploit is named as ETERNALBLUE,” an advisory issued by the CERT-In, accessed by PTI, said. It said the ransomware called ‘WannaCry’ or ‘WannaCrypt’ encrypts the computer’s hard disk drive and then spreads laterally between computers on the same local area network (LAN).
“The ransomware also spreads through malicious attachments to emails,” it said.
CERT-In has alerted vital institutions including RBI, stock markets and NPCI against the WannaCry ransomware cyber-attack that has infected thousands of systems globally. It has issued a list of do’s and don’ts to these agencies and advised installation of relevant “patches” to protect against any data breaches.
According to official sources, the government has made necessary arrangements to handle the situation.
“No major incident of cyber-attack has been brought to the notice of Indian Computer Emergency Response Team (CERT-In) yet,” they added.
Reports suggest that nearly 100 countries, including India, were hit by the massive cyber-attack. Once infected, users are asked to pay $300 worth of cryptocurrency Bitcoin to retrieve their files.
As per the advisory, the ransomware infects other computers on the same network and is also spreading through malicious attachments to e-mails.
The cyber-attack was first reported from Sweden, Britain and France, US media outlets reported.
An increase in activity of the malware was noticed on Friday, security software company Avast reported, adding that it “quickly escalated into a massive spreading”. Within hours, over 75,000 attacks had been detected worldwide, the company said.
In Spain, major companies including telecommunications firm Telefonica were infected. The most disruptive attacks were reported in the UK, where hospitals and clinics were forced to turn away patients after losing access to computers.
Security firms have suggested that users immediately disconnect the infected device from the local network to contain the infection.
“Also, report the incident to the appropriate local law enforcement authority. Each country handles incidents of electronic crime differently, but in general most national law enforcement agencies urge companies to report incidents and avoid paying any ransom demanded,” F-Secure Asia Pacific Head (Corporate Business) Amit Nath said.