India might have escaped the worst of WannaCry, the ransomware that affected Windows-based computer systems across the globe over the weekend, said experts on Monday. Industry, however, was on high alert to avert any attack.
The ransomware, first detected last Friday, locks down computers and demands a ransom to unlock the data stored in these systems. It had affected about 150 countries across the globe, with Russia and the UK being the worst affected. India, too, reported a number of cases of computers being locked down, including some computers of the Andhra Pradesh police.
The Computer Emergency Response Team (CERT-In) said few incidents of the attack had been reported in the country. "So far, the impact of this ransomware has been reported in... England, Russia, Spain, Germany, USA, and some academic institutions in China. Very few reports come from our country," a CERT-In official said in a webcast on Monday.
The agency has issued advisories to organisations and individuals to protect themselves. "Do not pay the ransom, it will encourage the attackers... Report the incident to CERT-In and the local law enforcement agencies so that we can work on it," the official said.
Not everyone is convinced, though.
"If you look at the heat map, India is among the most affected," said Balaji Venkateshwar, a cyber security researcher. "Most of the world's ATM networks run on Windows XP; India, too, could be affected."
Others said companies and the government should be more open in acknowledging cyber challenges and dealing with it.
"In India, we are not talking openly about cyber security. Whenever there is a scare, people say let us get on a defensive mode," said Mishi Choudhary, director at Software Freedom Law Centre.
He added, "When the ATMs were hacked last year, how long did they take to come out with the truth?"
On Monday, banks, airlines, large information technology (IT) organisations and manufacturing companies across sectors issued advisories to employees to not open any unknown attachments and asked them to follow safe cyber practices.
"Our IT department is in the process of updating all endpoints such as laptops and desktops with latest Windows patches. ICT has also initiated safe back-up of data. Antivirus is also being updated to cover the ransomware attack," an AirAsia India spokesperson said.
Hotels, too, had padded up to protect their systems.
"Our security systems and software are being updated with recommended patches released from software development companies. Suspected emails, malicious websites and advertisements have been blocked at gateway and endpoint access through which attackers usually prompt users," said Ajai Kumar, chief information officer, Lemon Tree Hotels.
For the past 72 hours, about 2,000 techies at HCL Technologies have been glued to their computers, protecting clients from any attack. It is all hands on deck for the Noida-based tech major, which has formed crack teams of cyber security experts to protect data of hundreds of clients.
"We have been working round the clock. Almost 200 cyber security experts are protecting servers. This will continue till the threat of this malware passes," said a senior executive at HCL Technologies.
The banking sector is relatively well protected from cyber attacks, said Suresh Rajagopalan, president, Software Products with FSS, a payments technology leader that handles ATM operations.
"According to our interaction with the banks, they are protected," he said. "A majority of the banks have beefed up their cyber security, especially after introducing mobile banking. But given the large network, especially of public sector banks, and their infrastructure in some remote places, it may not be possible for them to update all the antivirus patches and others on a day-to-day basis."
Banks, both private and public, said they had not detected any attack on their networks.
State Bank of India Chief Information Officer Mrutyunjay Mahapatra said the banks' core system run on software that could not be corrupted easily from outside. ATMs work on the vulnerable Windows network, and the bank was updating systems with latest patches available from Microsoft to protect their systems.
"We are also making sure that physical security around the ATMs is adequate so that sensitive entrance points are not compromised," he said, adding, "It is not easy to transmit malware through ATM networks, as these are usually heavier than what the bandwidth is able to transmit."
Bankers said there was no specific advisory by the Reserve Bank of India or CERT-In. However, the central bank has a standard "hygiene advisory": whenever there is a software update available, it has to be implemented.
The Goods and Services Tax (GST) N, set up to provide IT infrastructure for the GST roll-out, will not be impacted by the attack, as its systems do not run on Microsoft software, the network's CEO Prakash Kumar said.
The GSTN is gearing up to handle about 3 billion invoices every month under the new indirect tax regime and will complete the beta testing of its software on Tuesday. "Our software is not based on Microsoft Windows operating system and hence we are immune. We operate on Linux software which is not affected by the ransomware attack," Kumar told PTI.
Some experts sounded a note of hope.
"I feel Russia and western Europe were the focus of the attack," said Saket Modi, founder of Lucideus, a digital security firm, adding, "We have not seen a significant impact."