Only sporadic hits in Andhra Pradesh were reported over the weekend. But the biggest worry is India's 2 lakh-plus ATMs, many of which run on the obsolete and vulnerable Windows XP system.
Bangalore, May 14 2017: The wave of cyber-attacks on computer systems, that were recorded in 74 countries, since Friday, is now lapping Indian shores.
The Indian Computer Emergency Response Team ( CERT) issued a Critical Alert on Saturday suggesting that organisations keep their Windows-based computers updated with the latest patches issued by Microsoft right up to mid March 2017. CERT confirmed that the attack came from a Ransomware called WannaCrypt or WannaCry that locks your hard disk and then asks for money to unlock it.
CERT Director General Gulshan Rai has been quoted confirming that over 100 systems of the Andhra Pradesh Police department have been infected, especially those running on Windows OS. Telugu-language news sites have been a bit more specific and have reported that police networks in police stations in Chittoor, Guntur, Srikakulam, Tirupati and Vizianagaram have been affected and are down.
Russia-based Net security company Kaspersky Lab, in a blog shortlisted Russia, Ukraine, India and Taiwan as the worst hit -- in that order. However initial media reports have tended to highlight the attack on the UK national health system.|
It is clear that the attacks are exploiting the vulnerability of computers running versions of Microsoft Windows that have not been protected with the latest ( March 14) patch. For those running Windows 7, 8 or 10, it is not too late. But what is worrisome is the large number of machines especially in India running earlier and obsolete versions like Windows Vista and Window XP. XP dates from 2001 and Microsoft support stopped in 2014. Vista was launched in 2006 and support by way of patches ceased on April 14 this year.
What is particularly disturbing for the rest of us who may not even possess a PC or laptop is the vulnerability of the ATMs we are forced to use. Of the 2 lakh plus ATMs in India, the majority are said to be working on Windows XP. Many of us will know this first hand -- we have seen the XP logo when ATMs sometimes go through a reboot. The banks by and large seem to be adopting the American adage: "If it ain't broke, don't fix it"! XP has proved to be a robust system -- indeed many computer professionals swear it was the best Windows version of them all. But it is surely remiss on the part of banks to continue running an unsupported version of the ATM operating system long after the expiry date. This is however a global phenomenon and not just limited to India. One must ask, what ATM manufacturers like NCR and Diebold have to say: did they offer their customers timely updates?
One reason why Indian banks have been slow to update the ATM operating software, may be the government's interest in eventually shifting major public systems including banks and ATMs, to an Open Source OS, specifically the BOSS or Bharat Operating System Solution, developed by the Centre for Development of Advanced Computing (C-DAC).
If ATMs have so far escaped the attention of Ransomware perpetrators that may be because their current focus is on large enterprises, vulnerable to blackmail. But who is to say they will not turn next to the banking system? If so we are sitting ducks.