On Monday, the first weekday after the WannaCry ransomware attack began, several thousand more computers turned out to be affected, particularly in Asia. However, a second wave of the attack that many feared would be carried out with mutated versions of the malware did not happen.
In India, Information Technology Minister Ravi Shankar Prasad said barring “isolated incidents” in Kerala and Andhra Pradesh, there had been no major impact of the attack.
Mr. Prasad said the government had issued an advisory in March, and informed administrators about Microsoft’s “software patch” to be used against a possible attack. The existence of the EternalBlue exploit of Windows that the malware uses to spread has been known for some time.
The systems run by the National Informatics Centre, which maintains the government’s online infrastructure, were secure, the Minister said. A cyber coordination centre to take precautions against such attacks would start operations by June. A software upgrade of all government systems will also be in place by then, he said.
Earlier in the day, the Computer Emergency Response Team of India (CERT-In), under the IT Ministry, held a web conference, sharing technical details of the attack and precautions to be taken. The agency said it was yet to get official notification on any attacks in India from the malware that encrypts files and demands a ransom to decrypt them.
In Kerala, staff in far-flung village offices in Wayanad, Pathanamthitta, Kollam and Thrissur districts told the police that they opened their internet-linked workstations after the weekend to find them infected.
At the Tirumala Tirupati Devasthanams, 20 workstations assigned for normal office work and running on Windows 7 and XP operating systems were infected by the virus and were immediately isolated from the network.
While Mr. Prasad denied any knowledge of banking systems being affected, an official said a few ATMs in remote areas had been shut to upgrade their operating software.
The banking sector has been upgrading software on a war footing since the attack came to light. Though most of the core financial systems are behind strong defences, the front-end software are exposed and are now being secured.
There were reports of Nissan’s Chennai plant being affected, and the car-maker in an emailed statement said, “Like many organisations around the world some Nissan entities were targeted by the Ransomware attack. Our teams have been responding accordingly and there was no major impact on our business. Normal production operations are underway at our RNAIPL plant in Chennai.”
IT majors Infosys and Wipro told The Hindu that they have not been affected as their systems are robust and they constantly monitor threats.
Asia takes the hit
Globally the malware has claimed 200,000 victims across 150 countries so far. Asia seemed to fare worse than Europe on Monday, mostly because it had started the weekend before the attack reached its full scale on Friday. China has reported 40,000 organisations as affected, which could be an underestimation given the prevalence of pirated software in its industry, according to the New York Times .
Russia, among the worst affected, has denied any role in perpetrating the attack and President Vladimir Putin blamed the United States’ intelligence agencies for creating the malware.
The National Health Service of the U.K., which was crippled by the attack, has been limping back to normalcy with most of its affected hospitals secured.
Some victims paid the $300-in-Bitcoins ransom demanded by the cyber-criminals to unlock their computers, which was due to double to $600 on Monday for computers hit by Friday's first wave, according to Reuters. Many victims told cyber security experts that the hackers offered good service, with helpful advice on how to pay.
But the hackers appear to have made only about $50,000 so far, according to Elliptic Labs which tracks Bitcoin transactions.
(With inputs from Vijaita Singh, Yuthika Barghava, Peerzada Abrar, G. Anand, B. Venkat Sandeep, and agencies)
