WannaCry Effect: ATMs To Be Closed Until Windows Software Updated 

15 May, 2017 09:54 IST|Sakshi
ATM Closed signs popped up at several ATM centers across the country on Monday

MUMBAI: All banks in the country on Monday decided to keep their ATMs closed until the machines receive a Windows update to protect them from the WannaCry ransomeware which is impacting networks across the world.

The RBI has directed the banks to operate their ATMs only after they update the operating systems. The directive was in response to the WannaCry ransomware that affected computer systems across the world locking up critical data and demanding bitcoins as ransom for its release. The hackers are demanding around $300 per computer to unlock each system.

As ATM machines run on Windows software, they are very vulnerable to WannaCry which could easily attack the systems and networks with the operation system. Worse still, over 60 percent of the 2.25 lakh ATMs in the country run on the outdated Windows XP.

However, Microsoft has developed and released a special update for Windows XP although this particular version of its operating system is no longer serviced by the company.

"RBI has asked banks to update specific Windows patches on ATMs urgently and not to operate ATM machines unless updates are in place," an SBI official said. Banks have passed on the directive to their management service providers.

ATM operators, however, say that there is no threat to customer data on money. "The objective of ransomware is to shut down critical information in networks and prevent access to this data."

In the case of ATMs there is no data stored in the machine. Neither is there storage of any kind of logic that will block transactions.

Even if a machine were to get affected it can be reformatted and put to use immediately," said Manohar Bhoi, president (technology) at Electronic Payments and Services — a management services firm that handles ATMs for public sector banks.

Applying software patches is done by the vendors who supply the ATM. According to Bhoi, this can be done remotely and usually the vendors run their tests on the patch before an update.

In India, 102 computer systems of the Andhra Pradesh police were hacked on Saturday and a Nissan Renault plant production was halted because of the malware.

There have been rumors of some computer system in two south-based banks being infected but there was no confirmation from RBI and none of the banks have reported the incident.

According to payment security specialist SISA's associate VP Nitin Bhatnagar, the full impact would be known only on Monday since the attack happened on a weekend.

Meanwhile bitcoin wallets linked to the ransomware saw transactions worth $34,300 indicating that a small percentage of affected users were paying the ransom money.

Ransomware Cyber Attack Threat Escalating - Europol

Friday's cyber attack has affected more than 200,000 victims in 150 countries, Europol chief Rob Wainwright says.

He told the BBC the act was "unprecedented in its scale" and warned more people could find themselves affected on Monday morning.

The virus took control of users' files, demanding payments; Russia and the UK were among the worst-hit countries.

Experts say another attack could be imminent and have warned people to ensure their security is up to date.

Mr Wainwright said that the ransomware - software that blocks access to data until a ransom is paid - was combined with a worm application - a program that replicates itself in order to spread to other computers.

This, he said, was allowing the "infection of one computer to quickly spread across the networks".

He added: "That's why we're seeing these numbers increasing all the time."

'Patch before Monday'

Although a temporary fix earlier slowed the infection rate, the attackers had now released a new version of the ransomware, he said.

Companies need to make sure they have updated their systems and "patched where they should" before staff arrived for work on Monday morning, the EU law enforcement agency head said.

In England, 48 National Health Service (NHS) trusts reported problems at hospitals, GP surgeries or pharmacies, and 13 NHS organisations in Scotland were also affected.

What occurred was an "indiscriminate attack across the world on multiple industries and services", Mr Wainwright said, including Germany's rail network Deutsche Bahn, Spanish telecommunications operator Telefonica, US logistics giant FedEx and Russia's interior ministry.

However, he said that so far "remarkably" few payments had been made by victims of the attack.

BBC analysis of three accounts linked with the global attack suggests the hackers have been paid the equivalent of £22,080.

The Europol chief said his agency was working with the US Federal Bureau of Investigation to find those responsible, and that more than one person was likely to be involved.

The virus exploits a vulnerability in Microsoft Windows software, first identified by the US National Security Agency, experts have said.

After taking computers over, it displayed messages demanding a payment of $300 (£230) in virtual currency Bitcoin to unlock files and return them to the user.

Microsoft released security updates last month to address the vulnerability, with another patch released on Friday.

The UK security researcher known as "MalwareTech", who helped to limit the ransomware attack, predicted "another one coming... quite likely on Monday".

MalwareTech, who wants to remain anonymous, was hailed as an "accidental hero" after registering a domain name to track the spread of the virus, which actually ended up halting it.

The 22-year-old told the BBC it was very important for people to patch their systems as soon as possible.

whatsapp channel
Read More:
More News