"Wanna Cry": Ransomware that made the world cry

Varun Kapoor *

Cyber crime is going to be threat # 1 for public security in the coming times – was a cliché oft repeated in policing and security establishments in our country. The assumption was that this was a thing of the future and would happen in the days , months and years ahead.

However no one in the security apparatus seriously believed that it would actually be a real problem and that too very soon. It was a good thing to talk about, deliberate in detail and then forget and move onto more “pressing” issues.

All that changed on Friday the 12th of May 2017. A deadly Ransomware called Wanna Cry invaded the world and damaged tens of thousands of computers in over one hundred countries. An attack of this magnitude was never heard of before.

The D Day had arrived – all predictions that one day cyber crime will be the threat number 1, were coming true. It was no longer a predication for the future but the threat had arrived today and now! Let us analyze this entire phenomenon in a step by step manner to better understand this particular threat and what the future holds for citizens and the world.

Ransomware is basically a computer malware (malicious software) that infects an individual computer or network of computers. This basically encrypts or in a way locks the entire data contained in that computer or network. This data is then not available to the user or owner of the system till it is decrypted or unlocked.

The challenge becomes more daunting as the unlocking can only be done by the hacker/criminal who has introduced the Ransomware malware in the first place as only he/she has the decryption key or code. Companies, organizations and even individual citizens have huge amount of data stored in their computer systems.

A loss of this data can seriously jeopardize the functioning of such entities to the detriment of humanity in general and the individual citizen in particular. This is what these criminals bank on – knowing that the organizations and citizens will go to any lengths to recover their “stolen” data to ensure smooth functioning and living.

Such criminals demand a ransom or an amount of money for unlocking the data that they have encrypted. This ransom is also not to be paid in normal currency but in a virtual currency called Bitcoin. This virtual currency is presently traded at Bitcoin to 1,61,283. Thus it can be clearly seen that this Bitcoin is a very highly valued currency.

The present Ransomware attackers were demanding 300 – 400 Bitcoin’s from their victims to unlock their data. So they were in a way demanding somewhere in the region of 4- 5 Crores to unlock the data encrypted by their malware! This is an astronomical sum to say the least.

Generally a Ransomware works on the vulnerability of the operating system in use in a particular computer. The Wanna Cry malware attacked the Windows XP operating system weakness called “Eternal Blue” for which Windows released a security patch for in April of this year. But many individuals did not install this patch and they all became potential victims of this horrendous attack.

A simple email with an innocuous link or infected WORD or Pdf attachment that an unsuspecting victim clicks on triggers this malware into the system and locks out all data available. After infecting an individual computer it can spread to a network of computers and infect them all. Wanna Cry was first noticed when it paralyzed the entire National Health Service (NHS) of Britain.

It affected the NHS in Lancashire and soon spread laterally throughout the NHS’s internal network. It soon attacked in Spain and locked out the major telecom giant Telefonica. The countries worst effected were Russia, Ukraine and Taiwan. It is estimated that Wanna Cry affected 200,000 victims and infected 300,000 computers in 150 countries in the world in a four day period between 12th and 15th May.

The total loss caused was estimated to be of the tune of US$ 4 Billion or 27,000 Crores! In India the impact of Wanna Cry was not that widespread. It was noticed in computer systems mainly in the states of Andhra Pradesh and Kerala. Yet in the period of its spread all banks ATM’s were shut down and all cash withdrawals were curtailed. There were other repercussion too.

That was the extent of threat that existed and the fear it generated. It is predicted that the Wanna Cry malware was a creation of the National Security Agency of the USA to spy on suspect systems all over the world and it was accidently leaked online by an anonymous group called Shadow Brokers.

The precautions against any such Ransomware attack are very simple. Never click on attachments and links given in unknown source emails. Always backup all your important data on a regular basis. Always install security patches for the operating systems released by the manufacturer from time to time. Despite these precautions if the computer is infected by a Ransomware – immediately shut down the system and disconnect it from the network to prevent any further spread.

Thus D Day was here and it was a clear and present danger. No longer was it in the realms of fantasy and mystically hidden in the future. The cyber crime threat looms larger and more menacing than ever before. If a small attack based on a Ransomware can cause such widespread panic, destruction and loss – imagine if the attack is more severe, concerted or continuous?

The time to wake up and take action is here – people, organizations & governments must take stock of the situation immediately and launch a war on cyber crime – a war they have to win at all cost – if humanity has to survive and thrive.


[Views expressed in the column are of the author himself]