WannaCry ransomware attack: Ignore rumours, your ATM is safe for now
80% of Indian ATMs operate on Windows XP and uses a firmware that limits the machine’s activities to basics such as dispensing cash and checking the balance. Other activities are blacklisted, which prevent a ransomware from attacking an ATMbusiness Updated: May 16, 2017 10:28 IST
Bank ATMs across India might escape the WannaCry worm global attack that locks computers and demands a ransom, cyber security experts said on Monday.
At least 80% of Indian ATMs operate on Windows XP and uses a firmware that limits the machine’s activities to bare basics such as dispensing cash on request and checking the account balance.
Other activities are blacklisted, preventing a ransomware from attacking an ATM.
Speculation swirled in India over the safety of ATMs after WannaCry crippled more than 200,000 computer systems across 150 countries since Friday.
India’s cyber security agency alerted Internet users against the worm that locks down files of an infected computer and asks the user to pay a ransom of $300 in Bitcoin virtual currency to unlock the system.
The worm takes advantage of a Windows vulnerability that Microsoft released a security patch for in March and computers that hadn’t updated were still at risk.
WannaCry has struck banks, hospitals, government agencies across the globe.
Experts cautioned that this is high time for banks to update the software used in ATMs.
“Most ATMs in India use white-listing services to eliminate threats from malwares and worms within their internal networks. WannaCry doesn’t look like something that will affect the ATMs, unlike personal or corporate endpoints,” said Saket Modi, the CEO and co-founder of Lucideus.
Lucideus is an IT risk assessment and digital security services provider.
The fear of losing money and crucial banking data is palpable as hackers last October attacked a server linked to Indian ATMs and corrupted more than 3 million cards issued by 19 banks.
The attack was on one of the companies that provide the ATM switch — a payment transfer engine that allows the cash dispensing machine’s software to connect to interbank networks.
- Apply the patches to the Windows systems recommended by Microsoft Security Bulletin MS17-010.
- Maintain updated antivirus software.
- Keep and regularly update an offline database of important files. Ideally, backups of data should be maintained on separate devices.
- Organisations connecting to the Internet through Enterprise Edge or perimeter network devices [UDP 137, 138 and TCP 139, 445] should block their SMB ports or disable SMBv1.
- Users and administrators of older Windows systems such as Windows XP, Vista, Server 2008, and Server 2003 should get an update to a newer version.
Most switches are in remote locations, not at the ATM. A bank branch that has an ATM is likely to manage its own switch, but the rest may be maintained by agencies such as Hitachi.
To ensure safety against any breach, the IT ministry has reached out to key stakeholders such as the RBI, National Payments Corporation of India, NIC and Aadhaar-provider UIDAI to protect the digital payment systems against WannaCry.
“The RBI has directed banks to update the Microsoft patch on Friday after news of the ransomware. This helped India’s banking system to insulate against potential threats,” said Sivarama Krishnan, the partner and leader of cyber security at PwC India.