Global Cyber Attack- WannaCry

Global Cyber Attack- WannaCry

Question: WannaCry is a …
(a) ransomware that prevents user access to his/her computer and ask for ransom
(b) software for guidance on scientific topics.
(c) mobile app.
(d) name of an online mobile game.
Ans: (a)
Related Fact :

  • On May 12, 2017 a ransomware attack spread wave of concern across the globe. The ransomware, known as WannaCry or WannaCrypt targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin crypto-currency.
  • WannaCry appears to have affected computers that had not applied the patch for these vulnerabilities.
  • The attack was reported to have infected more than 230,000 computers in over 150 countries within a day. Britain’s National Health Service (NHS), Spain’s Telefónica, FedEx and Deutsche Bahn were hit, along with many other countries and companies worldwide.
  • In India reports of possible attacks came from West Bengal, where the State Electricity Distribution Company’s computers were affected. Some ATMs were also shut down as a preventive step. Around 50 thousand systems were estimated to be infected with Wannacry malware in India.
  • According to Kaspersky, a Russian anti-virus company, India was among the countries worst affected by the WannaCry attack. According to initial calculations performed soon after the malware struck on May 12th, around five per cent of all computers affected in the attack were in India. In an attempt to be prepared for the threat, India’s Computer Emergency Response Team (CERT-In) released directives to deal with this particular ransomware.

What is Ransomware?
Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decrypt key.
As the name suggests, Ransomware threatens the user of deleting or publishing his/her data to get a ransom. Hackers can take any action once a device or system is infected and there is no guarantee that paying the ransom will return access or not delete the data.
The biggest threat with ‘Wannacry’ is that it’s more than just a ransomware; it can also be classified as a worm. Being a worm, the ransomware has the ability to spread to different systems running on the same LAN network or even spread through emails.

What does a Ransomware do?
There are different types of ransomware. However, all of them will prevent user from using their PC normally and they ask the user for a ransom. The first documented case appeared in 2005 in the United States, but quickly spread around the world
Ransomeware can target any PC users, whether it’s a home computer, endpoints in an enterprise network, or servers used by a government agency or healthcare provider.
Ransomware can:
• Prevent the user from accessing Windows.
• Encrypt files so that it can not be used.
• Stop certain apps from running (like web browser).
There are two types of ransomware – lockscreen ransomware and encryption ransomware.
Lockscreen ransomware shows a full-screen message that prevents user from accessing computer or files. It says you have to pay money (a “ransom”) to get access to computer again.
Encryption ransomware changes files so the user can’t open them. It does this by encrypting the files.
Ransomware can get on a computer from nearly any source that any other malware (including viruses) can come from. This includes:
• Visiting unsafe, suspicious, or fake websites.
• Opening emails and email attachments from unknown people.
• Clicking on malicious or bad links in emails, Facebook, Twitter, and other social media posts, instant messenger chats, like Skype etc.
Prevention:
It can be very difficult to restore a computer after a ransomware attack – especially if it’s infected by encryption ransomware.
That’s why the best solution to ransomware is to be safe on the Internet and with emails and online chat.
• Don’t click on a link on a webpage, in an email, or in a chat message unless you absolutely trust the page or sender.
• If you’re ever unsure – don’t click it!
• Often fake emails and webpages have bad spelling, or just look unusual. Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).
Institutional Mechanism to tame cyber attack in India:
The “Cyber Swachhta Kendra” (Botnet Cleaning and Malware Analysis Centre) is a part of the Indian Computer Emergency Response Team (CERT-In). It has been set up for analyzing BOTs/malware characteristics and providing information and enabling citizens for removal of BOTs/malware. In addition, “CyberSwachhta Kendra” also strives to create awareness among citizens to secure their data, computers, mobile phones and devices such as home routers.
CERT-In is the national nodal agency for responding to computer security incidents. Under the Information Technology Act, 2008, CERT-In has been designated to perform functions such as collection, analysis, dissemination of information on cyber incidents and forecast, alert and suggest measures to tackle a situation.

Also Know:
A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels. Like a human virus, a computer virus can range in severity: some may cause only mildly annoying effects while others can damage hardware, software or files.
A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any human action. A worm takes advantage of file or information transport features on a system, which is what allows it to travel unaided. An internet worm is a program that spreads across the internet by replicating itself on computers via their network connections.
Encryption is the translation of data into a secret code. Once the data is encrypted it can be read only with the secret key or password that enables to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text.

Reference:
https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx#what
http://www.cyberswachhtakendra.gov.in/alerts/wannacry_ransomware.html
http://www.cert-in.org.in/
http://www.thehindubusinessline.com/info-tech/wannacry-has-hit-lakhs-of-systems-in-india-kaspersky/article9699976.ece
http://www.businesstoday.in/technology/news/wannacry-ransomware-cyber-attack-vulnerable-india-stay-safe/story/252135.html