A day after the Petya attack, it is now recognized that those who pay the ransom may not be able to obtain the decryption key and restore their systems to working order.

The attack is now being dubbed “Not a Ransomware but a Wiper”.

Experts are now realizing that the malware was, by design, not meant to restore data on payment of the ransom. This could be a mistake committed by the creators of the malware, or it could be an attempt by a state actor who wanted to attack Ukraine and sought to disguise the operation and mislead the security world into believing it was indeed ransomware.

For more details one can refer to this article.

According to these experts, unlike other ransomware, this malware does not encrypt at the file level. It encrypts the Master Boot Record (MBR), rendering the computer unbootable. It then scans the local network and infects other machines using other exploits. The malware replaces the MBR with its own version, which displays the ransom message.

It is, however, observed that the current variant of the malware encrypts the Master Boot Record (MBR) but does not keep a copy of the original MBR. Hence, even on payment of the ransom, the system cannot be recovered.
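As an added illustration (not code from the original post), the defensive counterpart of the point above: keep your own copy of the boot sector off the host and compare it with the sector read later, reporting whether the boot code, the partition table, or the boot signature changed. The 512-byte MBR used here is constructed for the example, not captured from a real disk.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash and its non-empty partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        # status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(mbr[:446]).hexdigest(),
            "partitions": partitions}


def build_sample_mbr() -> bytes:
    """Constructed sample MBR: NOP boot code plus one bootable NTFS (type 0x07) partition."""
    boot_code = b"\x90" * 446
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1_000_000)
    return boot_code + entry + b"\x00" * 48 + BOOT_SIGNATURE


def compare_mbr(saved_copy: bytes, current: bytes) -> list:
    """Report what differs between the off-host copy and the sector read now."""
    try:
        new = parse_mbr(current)
    except ValueError as exc:
        return [f"current sector unparseable: {exc}"]
    old = parse_mbr(saved_copy)
    findings = []
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("boot code replaced")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    return findings


if __name__ == "__main__":
    # On a live system the 512 bytes would be read from the raw device with admin rights;
    # here the "saved copy" and the "current sector" are both constructed in memory.
    good = build_sample_mbr()
    tampered = b"\xeb\xfe" + b"\x00" * 444 + good[446:]  # boot code swapped, table kept
    print(compare_mbr(good, tampered))
```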

It is reported that the first roughly 45 victims, who paid ransom totalling around US $10,500 in Bitcoin, have not received decryption keys.

There is therefore no hope for Pipavav Port, Jawaharlal Nehru Port Trust (JNPT) or any other victim of Petya (also called NotPetya or GoldenEye) to recover the data. They need to dig into their backups and reconstruct their lost data.

However, what we in India need to be more concerned about is future attacks of a similar nature that may be more devastating than WannaCry or Petya. We in India are now on the eve of GST implementation and the Aadhaar-based payment systems, both of which have a highly centralized structure which, if infected, can cause havoc across the country.

It is to be noted that the devastation caused in Ukraine by the Petya malware occurred because the malware first infected a program called MeDoc through an official update from the vendor. This was a tax accounting system, perhaps widely used in the country, and hence it spread like wildfire.

When our GST is in place, we will have a “One Country, One Tax” system, and it could bring many benefits of its own. But at the same time, it may also turn out to be a “One Malware Infection Point”, and God forbid, if this is infected, the country’s economic infrastructure may come down.

In a recent press statement, the authorities in charge of GST stated that, due to lack of time, they were not able even to fully complete the “Functional Testing” after the changes that continued up to the last minute. It is therefore reasonable to expect that “Security Testing” has also not been completed.

It is hoped that nothing will go wrong as we function under Aamir Khan’s “Three Idiots” principle that “If you believe all is well, then everything will be fine”.

I am sure that enough Poojas have been conducted across the country to ensure that the system works fine. If not, we need to organize such poojas to coincide with the launch of the GST at the midnight hour tomorrow.

But Murphy’s law says that “If anything can go wrong, it will”, and security observers have more faith in this principle than in the Three Idiots principle.

In a country like India, which faces a constant terror threat supported by countries like China, there is every possibility that what may normally not go wrong statistically may also go wrong, since there are enemies working on destroying the country both from outside and from within, including political parties like Congress, TMC, National Conference, Communists etc. Hence, even if a small vulnerability is found in a system like GST, the possibility of it being exploited is near certain.

Our response to Petya should therefore include how we would face a situation in which a Petya-type destructive malware spreads through the GST system.

The first thing the GST authorities, as well as all individual assessees, should do is always keep a 100% backup of every document that is created and processed in the system, and such backups should be maintained on an off-network system that is well protected with a good malware protection system. GST needs to maintain a robust DRP/BCP system so that a parallel system is ready for switch-over in case the main system comes under a cyber attack.

All businesses should ensure that they do not link their operational computers directly to the GST system but use a separate computer to upload and download documents to GST. Any transfer of files between their current accounting computers and the GST-connected computer should be done securely, avoiding the spread of any malware during the transfer process. Similarly, the main accounting system should be insulated from normal internet activities, including e-mail and web surfing. SMEs may find this burdensome, but if they want to avoid regretting it later, this is a small investment they need to consider.

Since the GST system was built when WannaCry had not yet been recognized as a big threat, it is possible that it contains the very vulnerabilities that the recent set of malware has exploited.

I hope the security agencies will be up to the task of superimposing ransomware protection on the current GST system and ensuring that our national system is well protected.

Refer to these articles:

GST Network safe from global malware attack, says CEO Prakash Kumar

No time to test software now, says GSTNetwork chairman Navin Kumar

At the same time, for whatever it is worth, we need to declare the GST system a “Protected System” under Section 70 of ITA 2008 and also make it public that any attack on the GST system will be considered a “Cyber Terrorist” attack, which can immediately invoke international treaties for both investigation and protection.

Naavi
