Aftermath of WannaCry

It has been three months since the WannaCry ransomware crippled thousands of computers across the world, and yet, the hackers behind the attack have not been identified. The ransomware infected computers over the network by encrypting files and asked victims to pay between $300 and $600 in bitcoins (a cryptocurrency) to decrypt the files for future use. Earlier this month, the attackers further concealed their identities by converting bitcoins to another virtual currency called Monero - an open-source, private, untraceable currency that is considered to be more anonymous than bitcoins and requires no account details to sign up. Monero can be used for making purchases in the deep web (part of the World Wide Web that is not discoverable by standard search engines).

Tarun Kaura, Director, Product Management, Asia Pacific and Japan, Symantec, says WannaCry was more dangerous than other types of ransomware. "This is because of its ability to spread itself across an organisation's network by exploiting a critical vulnerability in Windows computers, which was patched up by Microsoft ahead of the attack. Given the magnitude of companies that use the older version of the Windows software, the threat around WannaCry increased," he says.

More than 3,00,000 computers were attacked in over 100 countries; the worst hit was Britain's National Health Service, affecting 36 hospitals across the country. Globally, companies that were affected include Nissan Motors, FedEx, China National Petroleum, Renault SA, Deutsche Bahn, Hitachi, Sberbank of Russia, Yancheng police department in China, and the Russian Interior Ministry. Given the number of computers that run on the older version of the Windows operating system, India was the third worst-hit country.

While there are no reports of banks and financial services in India being hit by WannaCry, isolated incidents were reported from Kerala and Gujarat. Out of the network of 60,000 computers connecting three districts and 3,200 government offices for secure digital communication at Gujarat State Wide Area Network, over 120 computers were affected by WannaCry; in Odisha, a government-run hospital was affected; so was the Data and Information Management System at Berhampur City Hospital affecting its e-medicine and data services. The West Bengal State Electricity Distribution Company and the Southern Railways' Palakkad division suffered glitches, and the police departments in Andhra Pradesh and Maharashtra were also partially hit.

The damage could have been worse had Marcus Hutchins, a 22-year-old cybersecurity researcher, not activated a 'kill switch'. His 'accidental' discovery stopped the attack from spreading further and researchers were able to work on recovering data in some cases. He has been hailed as a cyber hero since then.

"The scope of WannaCry's impact was influenced by time zones and security controls. In East Asia, for example, several firms had closed for the weekend by the time WannaCry began picking up steam, and because of this they weren't hit as badly as others. The kill switch had been tripped by the time they started work again on Monday. Also, networks with strong security controls, like segmentation and exploit detection, fared much better than poorly-defended networks," says Bryce Boland, Chief Technology Officer, Asia Pacific, FireEye.

There are no official estimates of how much hackers were able to earn from this attack. Ajay Dubey, Forcepoint's National Manager - Partners & Alliances, says that the figures obtained from the Bitcoin wallets used suggest that fewer than 200 ransom demands have been paid out of over 200,000 machines reportedly affected. "The amount contained in the Bitcoin wallets is also related to the ransom amount demanded by the attackers; but a $300 ransom appears very low compared to recent attacks that demanded over ten times this amount," he adds.

Amit Nath, Head, Corporate Business - Asia Pacific, F-Secure Corporation, says that as per a bot watching the Bitcoin wallets tied to the ransomware attack, as on May 22, the perpetrators collected 48.86 bitcoins - a figure worth $104,436 approximately. This means under 0.1 per cent of the victims paid the ransom.

Despite paralysing some of the biggest companies in the world, WannaCry's attempt to earn big was unsuccessful. While bitcoins were a secure way to seek payment without being tracked, it was also a slow process. "After the ransomware software encrypted a user's files, attackers demanded ransom money to be transferred through bitcoin. However, many of them did not know how to obtain and pay in bitcoins, since obtaining large amounts of the cryptocurrency takes time, and then setting up an account via a bitcoin wallet and exchange is also a long on-boarding process," explains, Kartik Shahani, Integrated Security Leader, IBM India & South Asia.

Although the ransom amount was insignificant, companies suffered monetary setbacks on account of business losses. Cyber risk modelling firm Cyence estimates the potential costs from the hack at $4 billion. This also includes loss of productivity, cost of restoration of data and cost of investigation. According to the IBM and Ponemon Institute's Cost of Data Breach Study 2017, the average cost of a data breach for Indian companies surveyed is `11 crore; whereas, globally, the average cost of a data breach in 2017 is $3.62 million.

An attack of such high calibre has had experts questioning whether it was intended at extorting money at all. Atul Gupta, Partner, IT Advisory and Cyber Security Lead, KPMG in India, says, "Although the attacks demanded ransom from victims, the initial analysis indicates that collecting ransom was not the main motive. Studies indicate that these attacks were designed to assess current preparedness, and the impact that such attacks could create," he adds.

Perhaps, the worst is yet to come.

@nidhisingal