A massive extortion cyber-attack on Friday hit dozens of countries, disrupting services in a number of sectors, including the UK’s National Health Service (NHS). The attack was carried out by a "Wanna Decryptor" virus, which took over computers and demanded ransom from users. The UK’s National Health Service was the worst hit, and many NHS hospitals had to transfer their patients to unaffected hospitals, which delayed surgeries.
Cyber experts have called the attack "unprecedented". They said that such attacks usually take months to spread, but this one spread in one big hit. Patches are available to prevent or get rid of the virus, but experts believe it will take a few days for businesses to get back to normal.
To better understand the attack and its vulnerabilities, News Nation Digital's Shashikant Sharma caught up with Aatish Pattni, a leading cyber expert and Head of Threat Prevention - Northern Europe at Check Point Software Technologies.
Question 1: Please elaborate on how big the attack is and how much more time businesses will take to recover from it?
Answer: This is one of the largest ransomware attacks I've seen. Other big attacks of this nature spread over months. This one spread in one big hit. It will still take a few days for businesses to resolve and clean up from this attack. It could take them even longer to patch systems to ensure they are not vulnerable to re-attack.
Question 2: At least 99 countries have been affected by it, including the UK and US, but it hasn’t been reported in India so far. How do you see that?
Answer: The attack spread would have been based on how many target machines the attackers had in their database. It's possible that not many machines in India were in their database or Indian businesses that have been attacked have simply not reported it.
(Andhra Pradesh police reported the attack on Saturday. Over 100 of its computers were affected by the ransomware.)
Question 3: How can it be prevented, and if it hits, how can one get rid of this “Wanna Cry”?
Answer: There are many ways to prevent this kind of attack: 1) patch vulnerabilities; 2) invest in security software that would stop the attack getting in; 3) invest in security software that would instantly stop ransomware running.
Question 4: Any idea who carried out the attack and from where?
Answer: It's too early to say who was behind this. Ransomware is usually associated with highly organised criminal gangs. Given the scale and sophistication of the attack, it's clearly a very resourceful and dangerous group or individual.