Ransomware: Govt rushes to contain damage, secure systems

The government went into a fire fighting mode today after global cyberattack 'Petya' hit one of the terminals at the Jawaharlal Nehru Port Trust (JNPT) and partially disrupted operations of private port operator APM Terminals Pipavav.
National Cyber Security Advisor Gulshan Rai was rushed to the financial capital to assess the situation, even as the government's nodal cybersecurity unit worked overtime to send out advisories to all critical infrastructure.
"The ICT infrastructure installed, managed and operated by government authorities, central and state, are functioning efficiently," Rai told PTI.
IT Minister Ravi Shankar Prasad has said that proactive measures have been initiated and the government is keeping a close vigil on the situation. He maintained that there is no large-scale impact on India yet.

GSTN -- the IT backbone on which India's biggest tax reforms is set to roll out from July 1 -- has said its operations have not been affected and registrations are going on smoothly.
'Petya' ransomware has struck parts of Europe, hitting Ukraine and Russia the hardest.

Security firm Kaspersky cited its data to say that about 2,000 systems were impacted as of Tuesday, with systems in Britain, France, Germany, Italy, Poland and the US also being impacted.
"We saw the first infections in Ukraine, where more than 12,500 machines encountered the threat. We then observed infections in another 64 countries, including Belgium, Brazil, Germany, Russia, and the US," Microsoft said in a blogpost.

Microsoft added that it has already released updates to ensure users are protected.
Security firms have warned that 'Petya' could be particularly potent as it uses "multiple techniques" to automatically spread in a network soon after the first system is infected.
This is the second time in two months that hackers have tried to hold computers at ransom, threatening to wipe out critical data unless the users paid up.
In May, 'WannaCry' ransomware attack affected systems in over 100 countries.
Some of the biggest corporations including Russia's largest oil company Rosneft, Ukraine's international airport, shipping firm AP Moller-Maersk, and advertising giant WPP have come under the latest attack.

Security agencies have advised companies to update their Windows software, check their security solutions and ensure they have back up and ransomware detection in place.
They have also advised users to refrain from clicking on suspicious emails and regularly update the security patches on their PCs.
Matt Moynahan, CEO of Forcepoint said the latest attacks demonstrate the vulnerability of critical infrastructure.
"An important takeaway is the undeniable trend in the increasing ease by which attackers can penetrate the perimeter and get inside of corporate infrastructure," Moynahan said.
From the government to the boardroom, leaders need to make cyber resiliency a requirement, putting focus and funding behind it, he noted.

Once infected by the ransomware, the systems are locked and a demand of USD 300 in Bitcoins is made to recover the files. However, it is not clear whether the systems are decrypted after the payment is made.