India 'well-protected', North Korea 'key' suspect

New Delhi/Washington/London, May 16: With cyber security experts suspecting a North Korean hacker group behind the massive ransomware attack that created havoc in nearly 150 countries since the last weekend, Britain’s tiol Crime Agency (NCA) on Tuesday claimed there was no immediate indication of a second surge of such attack. They, however, warned that the possibility of another such attack should not be ruled out in the near future.

The NCA has provided guidance on how to avoid falling victim to the ransomware and has sought collaboration with intertiol partners.

Cyber security experts, including Indian-origin Neel Mehta who is working with Google, claimed that the patterns of the ongoing ransomware attack matched with the “Lazarus Group” that works on behalf of North Korea and used the same coding and tools in the past as were used in “WanCrypt” that affected Microsoft operating software.

“Lazarus Group”, that according to Mehta is based in Chi, was responsible for a major hack on Sony Pictures in 2014 and another on a Bangladeshi bank in 2016.

According to media reports, South Korean authorities also suspected North Korea to be behind the attack and raised a cyber security alert for the country.

When it came to users’ paying ransom to the attackers, the White House claimed that less than $70,000 has been paid so far. “We are not aware of payments that have led to any data recovery,” White House Homeland Security adviser Tom Bossert said at a daily briefing on Monday.

In India, the government said that key networks were well-protected from ransomware.

“On ransomware, since March, the government of India has been on high alert. We have already installed the necessary security in batches as far as the government key networks are concerned,” said Information Technology Secretary Aru Sundararajan in New Delhi.

“We have not got any reports of widespread infection. There have been very few isolated instances and we continue to be on watch,” she added. Sundararajan said that apart from five or six isolated instances, there are no reports of any significant damage in the country.

“CERT-In (Indian Computer Emergency Response Team (CERT-In) which is the tiol agency which monitors and tracks this activity, has affirmed that in India, there were five or six isolated instances, one of about 18 computers of the police in Andhra, as well as about five odd instances, one in Kerala where one of the Panchayat computers were affected,” she told reporters here.

“Apart from that, there have been very small fragmented, isolated machines, standalone machines which have been affected. Overall, there was no report on any kind of substansive scale to indicate that Indian systems have actually been affected,” Sundararajan said. The IT Secretary added that a multi-agency monitoring team is already continously monitoring and assessing the situation on a round-the-clock basis.

Information Technology Minister Ravi Shankar Prasad on Monday had said the cyber attack by ransomware virus ‘WanCrypt’ had nearly zero impact in India.

“We are strengthening our cyber security. After talking to Microsoft, we had asked people to install patch system in March. This ongoing attack not only had minimum, but nearly zero per cent impact, in India. We are strengthening our areas,” the Minister had said.

Sunil Sharma, Vice President-Sales at IT security firm Sophos, India & SAARC said: “It is imperative that businesses everywhere update their operating systems, their security software and educate their users against phishing attacks. This is a best practice to reduce the risk from any attack.” (IANS)