Don't give in to threats and pay ransom: India advises victims of WannaCry

Saying that decryption tools could come in time, CERT-In said that the infected data should be saved

Have you been hit by the recent WannaCry ransomware attack? If so, India’s Computer Emergency Response Team (CERT-In) has advised victims of the recent attack, which is ravaging Windows-based computer systems globally by encrypting critical data, to not given into the cyber attackers' threats and pay the ransom. 

In a webcast on Monday, CERT-In advised individuals and organisations on how to protect themselves from the threat and outlined what they should do if the ransomware has made it onto their system. CERT-In had issued a critical warning against the WannaCry ransomware threat on Saturday.

“Do not pay the ransom, that will encourage the attackers to do more of such attacks. Report the incident to CERT-In and the local law enforcement agencies so that we can work on it,” a representative of CERT-In said in the webcast.

The easiest way to prevent the malware from making it onto any Windows system is to install security patches provided by Microsoft, apart from deploying an up-to-date antivirus software and being cautious when opening emails and downloading attachments from unsolicited emails.

“Currently, we’ve detected seven variants of this ransomware and detection has been aided by the free botnet detection tools which are available on our cyber swachhta kendra website. Users are encouraged to visit the website, use the free tools to remove bots and malware from your systems,” said a representative of CERT-In

CERT-In noted that if users were unable to install the security patches on their systems, there was a high chance that their systems were already infected by the WannaCry threat. In such a case, it advised that users should isolate the system because the threat is known to spread very efficiently through LAN connections, infecting multiple computers very quickly.

“Users can run cleaning tools available on our website to remove the malware. Before doing so, preserve the data even if it has been encrypted by the bug. Researchers can work on the methodologies to decrypt the data, but it will take a little time. So don’t discard the data, store it even if it is encrypted so that when decryption tools are available you can recover it,” the CERT-In representative added.

Along with its warning, CERT-In has also made available a guide on precautions users and organisations should take to keep the WannaCry ransomware from infecting their systems. 

Experts say that users in India could be adversely affected by the WannaCry threat as a large number of systems run unsupported versions of Microsoft’s Windows operating systems. Over a dozen companies and around 18 systems of the Andhra Pradesh police have been affected by the ransomware. It was unleashed by hackers after they stole the vulnerability from the US National Security Agency.

Further, the number of systems running pirated versions of Windows is also high, making them vulnerable as they will lack the security patches Microsoft issues regularly.

CERT-In noted that the ransomware demands users to pay an amount of $300 in bitcoins in order to regain access to the data that the worm encrypts. Along with an on-screen message informing users that they’ve been infected, the bug also plants a few files giving them instructions of how to get rid of the ransomware. “Do not run these files even if you get the message that the system has been infected,” added the CERT-In representative.