WannaCry Ransomware: Learn from Ethical Hacker Deepak Kumar Nath
Bhubaneswar: Following the WannaCry ransomware attack in Ganjam district of Odisha, Deepak Kumar Nath, CEO & Founder of Global Tech Promoters and a renowned ethical hacker, explains the problem that has panicked more than 140 countries in an exclusive interview with Siddharth Roshan, representative of odishatv.in.
Deepak is a security researcher who has discovered security flaws in websites such as Facebook, Microsoft, Blackberry, Sony, MasterCard and Adobe. He is also listed on the Facebook and Microsoft Hall of Fame.
Below are excerpts from the interview, in which he speaks about the WannaCry ransomware.
Q: What is Ransomware?
A: Ransomware is like a virus or it may be a malware which can be injected into a system to go through the vulnerable parts of the system and after infecting all the files, they will be encrypted. Now the attacker will ask for money to pay through bitcoins to restore the data.
Q: What is WannaCry?
A: WannaCry is one type of ransomware that has affected systems worldwide. It has attacked the earlier versions of Microsoft Windows that were vulnerable. The vulnerability is in the SMB (Server Message Block) that is present in all those operating systems, through which the attacker can inject an .exe file, a malware that spreads in a network and encrypts all the files.
Q: Can the data of the affected systems be restored?
A: Shadow hackers have already encrypted the data in the systems by using some hashcodes. It is very difficult to decrypt the code and as large numbers of files are infected, finding the decrypter key is next to impossible.
The systems that are not infected can be secured by using some antivirus, updating the operating systems, and disabling SMB exploit. The users should also get knowledge of cyber security.
Q: Is Microsoft responsible for the attack?
A: We cannot blame Microsoft. It has its own bug bounty program that invites hackers to find vulnerabilities in its system and pays them. I had also earlier found some vulnerabilities in its operating systems, but suppose I found one ‘zero-day vulnerability’ and did not report it to Microsoft. What if I use it in a negative way or use black-hat methodology to hack into systems of people and earn money?
However, Microsoft security researchers should also be alert and update their systems from their own end. All should be concerned including Microsoft team and security researchers.
Q: Is the ransomware attack in Berhampur the first case in Odisha?
A: No, it is not the first case in Odisha. One year back some of my friends were also attacked by a ransomware called CryptoLocker, but it had only targeted individual computers and not affected any networks. Now the Berhampur attack was on a network where many systems were infected.
Q: Were you able to find any solution to the earlier attack?
A: The earlier attack was not solved. It is nearly impossible to grab the codes as already huge data has been encrypted. A lot of time, huge server space and a large amount of money will be necessary to decrypt it.
Q: Will the Cyber Cell team be able to restore the data?
A: I don’t think so. They will face a lot of problems in decrypting the hashcodes and restoring the data.
Q: What are hashcodes?
A: HashCode is like a cryptology algorithm. All are now using crypto analysis technique for security purpose that can also be used for wrong purpose. My name also can be encrypted into a hashcode; for example, WhatsApp is also using the hashcodes to convert the messages to an encrypted format so that nobody will be able to read it.
Ransomware uses the same technique. After encrypting all the files they are charging money for decryption. Suppose I use user-defined encryption, then none other than me will be able to crack it.
Q: What is user-defined encryption?
A: Let’s say I am the scientist and crypto analyst, so I will define the hashcode algorithm from my side; it is in my brain. Any other person will not be able to know about it and so cracking it will be difficult.
Q: One person from Google had alleged that the attack is done from North Korea; is it true?
A: Defining the source of the attack is difficult.
If a hacker from India designs a ransomware and names it WannaCry 1.0, we will not be able to say if it is coming from North Korea or any other place. Anyone with knowledge of crypto analysis can design a ransomware and demand money through bitcoins. As it is bitcoin, you will not be able to trace the hacker.
Q: What are bitcoins?
A: Bitcoin is a crypto currency that is only available on the internet. We don’t need a bank account or any ID proof to create one bitcoin account; only one verified Email-Id is sufficient. There is a bitcoin address that is nothing like the sixteen-digit code of a bank account; it is only a hashcode. Anyone can transfer money through this bitcoin account and none will be able to track it.
Q: Do you have any suggestions what people should do now?
A: They have to first update their operating systems, install antivirus, disable SMB present in control panel of their operating system to be secured from WannaCry and they also have to learn cyber security awareness. They should also be careful while browsing through websites and checking mails.
Backup of data is also not a solution, as one infected file can corrupt all the data in the Pen Drive or hard disk on which they are doing the backup.
Note: Watch the video for more suggestions on protecting your system and securing your data.