Ransomware attack: Govt must issue advisory on prevention tactics
It is high time that system administrators should update defensive security skills and companies and governments roll out strong cyber security and cyber-defence strategiesopinion Updated: Jun 29, 2017 12:39 IST
It was hardly surprising to see another ransomware (a type of malicious software designed to block access to a computer system until a sum of money is paid) attack weeks after the WannaCry attack. The genesis of both these attacks is similar. Both use the Microsoft vulnerability called EternalBlue and both have attacked unsecured institutional computer networks such as the one owned by the National Health Service in Britain and now the owned by the Ukrainian government.
However, there is an important difference. Usually in case of ransomware attacks, the demand is made from users and the email for communication is unique to each user. But in this case, a single email ID had been provided to all the affected users for communication. This could mean that either the hackers were amateurs or this attack is not a ransomware, and was unleashed to destroy important data, not extract money.
These new mutations of malwares are increasingly getting more and more capable and complex in terms of their speed and reach. They are spreading automatically across interconnected networks with minimal or no human intervention.
As of now, the operations at one of the three terminals of Jawaharlal Nehru Port Trust (JNPT), India’s largest container port, has been affected by the global ransomware attack. This is because Maersk, the leading shipping and container firm, has been affected and probably the networks of the two organisations are connected.
It is impossible to predict such attacks. Also, the Petya ransomware is more fluid than WannaCry as the latter was linear and had one way to move from network to network. Petya has the capability to evaluate multiple options and can use another option of attacking if one fails. It is indeed petrifying to imagine a situation if it infects national services such as defence, police, financial institutions and the UIDAI.
Considering this, it is clear that prevention is the best form of attack. It should be the responsibility of all computer and internet users – institutional as well as individuals --- to be prepared for any such future attacks. Through Computer Emergency Response Team of India, the government must issue a “what to do” advisory on prevention tactics to enterprises and individuals.
Most ransomware attacks use “end users” as entry point. In most cases there is nothing that a user can do as these types of ransomware are typically executed through “drive-by downloads” in which legitimate website and browsers are infected.
Here’s what to can do to avoid such attacks:
First, update antivirus software and URL checkers.
Second, individuals must keep only those plug-ins and add-ons, which are absolutely necessary and used regularly.
Finally, it is high time that system administrators should update defensive security skills and companies and governments roll out strong cyber security and cyber-defence strategies.
Pradipto Chakrabarty, Regional Director, CompTIA India
The views expressed are personal