Ransomware: Govt activates mechanism to prevent cyber attack from WannaCry; Here's how to avoid it

New Delhi: The Government of India has activated a "preparedness and response mechanism" to prevent any major cyber attack from a new ransomware -- "WannaCry" -- which has infected computer systems around the world. According to the Ministry of Electronics and Information Technology (MeitY), it has activated a "preparedness and response mechanism" by instructing CERT-IN (Computer Emergency Response Team) to gather "all the information of the reported ransomware". Recently, a global cyber attack was launched using the "WannaCry" ransomware and the malicious software infected computers and restricted users' access to it until a ransom is paid to unlock it. CERT-IN, on May 13, had issued an advisory for both reactive and preventive actions to deal with the ransomware. "MeitY has initiated contact with relevant stakeholders in public and private sector to 'patch' their systems as prescribed in the advisory issued by CERT-IN. MeitY has also requested Microsoft India to inform all their partners and customers to apply relevant patches," the ministry said in a statement. "In India, no reports have been formally received so far regarding this ransomware attack. However, it is understood that a few systems of the police department in Andhra Pradesh were impacted. MeitY has informed AP government, to follow the CERT-In advisory." Ransomware spreads by using a vulnerability in implementations of "Server Message Block" (SMB) in Windows systems, said the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre). SPECIAL PRECAUTION WHILE USING PEN-DRIVE & EXTERNAL HARD DRIVE Till this threat is over, avoid using external storage devices like pen-drive and external hard drive. But if you have to, then disconnect internet from laptop/desktop first before using these devices. WHAT IS MALWARE AND RANSOMWARE? Malware is a general term that refers to software that's harmful to your computer, said John Villasenor, a professor at the University of California, Los Angeles. Ransomware is a type of malware that essentially takes over a computer and prevents users from accessing data on the computer until a ransom is paid, he said. HOW DOES YOUR COMPUTER BECOME INFECTED WITH RANSOMWARE? In most cases, the software infects computers through links or attachments in malicious messages known as phishing emails. "The age-old advice is to never click on a link in an email," said Jerome Segura, a senior malware intelligence researcher at Malwarebytes, a San Jose-based company that has released anti-ransomware software. "The idea is to try to trick the victim into running a malicious piece of code." The software is usually hidden within links or attachments in emails. Once the user clicks on the link or opens the document, their computer is infected and the software takes over. BUT HOW DOES IT WORK? "Ransomware, like the name suggests, is when your files are held for ransom," said Peter Reiher, an adjunct professor at UCLA who specializes in computer science and cybersecurity. "It finds all of your files and encrypts them and then leaves you a message. If you want to decrypt them, you have to pay." The ransomware encrypts data on the computer using an encryption key that only the attacker knows. If the ransom isn't paid, the data is often lost forever. When the ransomware takes over a computer, the attackers are pretty explicit in their demands, Segura said. In most cases, they change the wallpaper of the computer and give specific instructions telling the user how to pay to recover their files. Most attackers demand between $300 and $500 to remove the malicious ransomware; the price can double if the amount isn't paid within 24 hours. Law enforcement officials have discouraged people from paying these ransoms. HOW CAN PEOPLE PREVENT ATTACKS LIKE THIS?

• The first step is being cautious, experts say. But Villasenor said there is "no perfect solution" to the problem.
• Users should regularly back up their data and ensure that security updates are installed on your computer as soon as they are released. Up-to-date backups make it possible to restore files without paying a ransom.
• Users should also look for malicious email messages that often masquerade as emails from companies or people you regularly interact with online. It's important to avoid clicking on links or opening attachments in those messages, since they could unleash malware, Villasenor said.

(With inputs from Agencies)