WannaCry Ransomware Attack

Ed. Note: This post by Kanu Garg is a part of the TLF Editorial Board Test 2018

The hoi polloi is generally abstracted from the intricacies of the tech world. We might check mails every day, scroll through the Facebook Newsfeed every hour and WhatsApp every alternate minute, and rather proudly proclaim ourselves to be “netizens”, yet our knowledge of the alternate (virtual) reality continues to be bleak and often fantastical. However, the WannaCry ransomware, which hit the headlines as fast as it hit computer networks across the world, called for a reality check – to look beyond ‘all things bright and beautiful’ into the grayer sides of our virtual existence. Here is a brief insight into the malware attack:

Ransomware is essentially malware (malicious software) that encrypts all the data on the computer it takes over, making it inaccessible to its owner. Thereafter, the data can be regained only with a decryption key, which the owner can get on payment of some “ransom” to the attacker, usually in cryptocurrency.

The ransom demanded is not very significant, usually between $700 and $1300, so that the affected companies are able to afford it. Discounts are offered for quicker payments so that companies do not dwell on the payment and make a quick decision. Several companies across the world have now started keeping some cryptocurrency in stock to deal with ransomware attacks.

Ransomware suddenly jumped into the limelight in May last year, when a ransomware worm called “WannaCry” attacked Windows computer systems across the globe, causing losses running into several billions. A ransom of $300 was demanded in Bitcoin to prevent the identification of the source of the malware.

While this wasn’t the first ransomware attack that the world has seen, the WannaCry attack suddenly flashed across news channels and appeared in newspaper and magazine cover stories (apart from becoming the subject matter of Facebook memes) because of its contested origins as well as high-profile victims such as Britain’s National Health Service.

Interestingly, WannaCry fed on a Windows vulnerability that had been discovered way back by the United States National Security Agency (NSA). The vulnerability existed in Windows’ implementation of the Server Message Block (SMB) protocol, which helps various nodes on a network communicate. Microsoft’s implementation, however, could be made to fail by specially crafted packets, with the potential to initiate execution of arbitrary code. The NSA, on learning about this vulnerability, chose not to inform Windows, and instead came up with an exploit called EternalBlue for its own purposes. A hacking group called Shadow Broker somehow managed to steal this exploit and discreetly released it on the internet in April 2017 via a seemingly ordinary political post on Medium. The WannaCry malware made use of EternalBlue and, on May 12, wreaked havoc on global computer networks.

A few months before the attack, Windows learned about the vulnerability and devised (and circulated) a patch to prevent any cyber infection. However, despite the fact that Windows flagged the patch as critical, many systems remained unpatched as of May 2017 and fell prey to WannaCry.

The implications of WannaCry were unprecedented, with around 200,000 systems across 150 countries affected. Russia, Taiwan, India and Ukraine were worst hit. In Britain’s NHS alone, around 70,000 devices, including computers, MRI scanners and blood-storage equipment, were impacted. Several companies such as Nissan and Renault stopped production at some sites fearing a WannaCry attack. Yet the liability for this massive virtual disaster hasn’t been fixed anywhere as of now. This is primarily because WannaCry was a cyber worm: it did not rely on any external mechanism to spread and traced its way through systems on its own. Consequently, so long as somebody doesn’t come to the fore and own up to the affair, nobody will ever be able to say with conviction who did it.

However, Symantec, a prominent cyber security provider, had a theory on the attack: the Lazarus group, a hacking group associated with North Korea and infamous for the 2014 Sony hacking incident as well as several banking heists, might have had a role to play here. They based their allegations on the similarity between the tools and components employed by WannaCry and those used by Lazarus in their previous attacks. But the most jarring revelation that they made was that WannaCry wasn’t a one-month affair; in fact, it had started its spread several months earlier under the name Ransom.WannaCry. While debates as to its origin are still on, the USA and UK have officially declared North Korea as the origin of the ransomware. Yet it still cannot be determined objectively whether it really was North Korea or some other group imitating the Lazarus designs to shift the liability onto them.

India was the 3rd largest victim of WannaCry in the world, with the dreaded ransom demand flashing on the screens of systems across the nation. While the losses accrued as a consequence of the attack ran into several millions, there was nothing that the Indian Government could have done to prevent it. Even if the perpetrators had been identified, India would have no claim to justice, despite the fact that the attack directly contravened several Indian laws, such as §66 and §70 of the Indian Information Act, which deal with hacking of computer systems and data alteration, and unauthorized access to protected systems respectively, as well as §383 of the Indian Penal Code, which deals with the offence of extortion. This is because India is not a signatory to the Convention of Cyber Crimes Treaty, and thus does not have proper extradition laws to deal with crimes committed over the internet.

Thus, yet again, India’s lackadaisical attitude towards online offences and the consequent unpreparedness for dealing with cyber crime has taken its toll on the nation. This needs to be a wake-up call for the legislature to take cyber laws more seriously, to prevent such massive intrusions in the future, which cost India both its hard-earned wealth and its reputation in the international legal domain.
