Ransomware attack: North Korea 'key' suspect, India 'well-protected'

With cyber security experts suspecting a North Korean hacker group behind the massive ransomware attack that created havoc in nearly 150 countries since the last weekend, Britain's National Crime Agency (NCA) on Tuesday claimed there was no immediate indication of a second surge of such attack.

They, however, warned that the possibility of another such attack should not be ruled out in the near future.

The NCA has provided guidance on how to avoid falling victim to the ransomware and has sought collaboration with international partners.

Cyber security experts, including Indian-origin Neel Mehta who is working with Google, claimed that the patterns of the ongoing ransomware attack matched with the "Lazarus Group" that works on behalf of North Korea and used the same coding and tools in the past as were used in "WannaCrypt" that affected Microsoft operating software.

"Lazarus Group", that according to Mehta is based in China, was responsible for a major hack on Sony Pictures in 2014 and another on a Bangladeshi bank in 2016.

According to media reports, South Korean authorities also suspected North Korea to be behind the attack and raised a cyber security alert for the country.

When it came to users' paying ransom to the attackers, the White House claimed that less than $70,000 has been paid so far. "We are not aware of payments that have led to any data recovery," White House Homeland Security adviser Tom Bossert said at a daily briefing on Monday.

In Saudi Arabia, the global cyber attack affected only a limited amount of computer data from the public and private sectors, Efe reported, quoting the Interior Ministry's Centre for Electronic Security.

In India, the government said that key networks were well-protected from ransomware.

"On ransomware, since March, the government of India has been on high alert. We have already installed the necessary security in batches as far as the government key networks are concerned," said Information Technology Secretary Aruna Sundararajan in New Delhi.

"We have not got any reports of widespread infection. There have been very few isolated instances and we continue to be on watch," she added. Sundararajan said that apart from five or six isolated instances, there are no reports of any significant damage in the country.

A multi-agency monitoring team is already continuosly monitoring and assessing the situation on a round-the-clock basis, the IT Secretary noted.

"It is imperative that businesses everywhere update their operating systems, their security software and educate their users against phishing attacks. This is a best practice to reduce the risk from any attack," emphasised Sunil Sharma, Vice President-Sales at IT security firm Sophos, India & SAARC.

--IANS

qd/ppg-ag/na/bg