As the ravage of the WannaCry ransomware continues, cyber security startups look to beef up the security systems of their clients.
While DSCI and Nasscom issued a best practices note on Monday, security experts are issuing alerts, monitoring communications 24/7 and developing patches to assist clients. The first step, experts say, is to monitor all communication. “The genesis of this ransomware is software stolen from NSA, packaged with specific hacking technology. When someone clicks on a link or downloads an attachment, the data on the system gets encrypted. This is communicated to the command centre. Hence, communication is needed for encryption to start. If we are able to arrest this, we can block the attack,” said Anand Naik, cofounder, Sequretek. Pankit Desai and Naik have over 45 corporate clients including HDFC Bank, IDBI Federal. Sequretek has also incorporated rules that will generate alerts if there is communication from specific addresses.
Based on malware research, Sequretek has also developed some fixes that clients can use to clean the infected machines. On Saturday, the team at Sequretek began working on a patch. “One has to break down the virus file into small data chunks to identify which is the piece that triggers encryption and write a counter to neutralise it. Once we had all details, it took us 30-40 minutes to build the patch,” said Naik.
Rama Vedashree, CEO, Data Security Council of India said any distributed environment is vulnerable to such attacks. “This is not about a single system or enterprise. Legacy platforms and unpatched systems are victims to this mass attack.” Experts in cyber security say ransomware attacks are more common than reported. Rohas Nagpal, chief blockchain architect, Primechain Technologies and former president of Asian School of Cyber Laws says he has seen several crores being paid in the last 6 months as a result of such attacks.
“There are only two options. If you have backup, you can format the system and reinstall the software. Or you pay and get your data. It is not practical to use brute force to break the encryption,” said Nagpal.
Where a system does get infected, the first step would be to isolate it. “We are advising to isolate these systems so that we can work on it separately while patching up the existing machines. The issue with this attack is that it is doing something that a regular system allows you to do — encryption of data. So available patches were simply to avoid peer systems from getting affected. It may not have guaranteed protection from the attack,” said Tarun Wig, cofounder, Innefu, which works with over 100 entities in India, predominantly in the government and law enforcement space.
As the ransomware continues to attack systems, experts say it will take some time to revert to normal. “Based on past attacks, we know that the first few days are full throttle where there are mass attacks. Next few days will be the stabilisation period after which we will see targeted small attacks,” said Desai.
Read More : TOI