Naavi.org

This is an open letter to our honourable Prime Minister Mr Narendra Damodar Das Modi, our honourable Finance Minister, Mr Arun Jaitely, our honourable Minister for IT, Mr Ravishankar Prasad, our honourable Minister of Home Mr Rajnath Singh and also to the Secretaries of the Ministries of Finance, IT, Home, as well as the RBI Governor Mr Urjit Patel and the Director General of CERT-IN.

Over the last few months, India has been witness to a series of attacks not only from across the borders of Kashmir, but also from the Cyber Space. It will not be long before the enemies across the borders and the enemies from Cyber Space converge more effectively than what they are doing now so that they can recruit more physical terrorists and inflict damage to the country.

The recent Cyber attack in which a ransomware called “WannaCry” infected over 2 lakh computers across the world and an estimated 40,000 in India itself should strike a warning bell in us since we in India are preparing for ushering in a “Digital India” with ‘Digital Payment’ systems replacing our currency system and introducing concepts such as smart cities and smart gadgets of various kinds leading our future.

The country’s dependency o IT systems is growing by the day and with the possibility of Aadhar Enabled Payment Systems coming into use, the vulnerabilities are all around us. If these vulnerabilities are exploited by our enemies, then the country will be irretrievably pushed back in its development agenda.

It is reported that there was recently an advertisement in the dark web stating “Let’s Kidnap the Planet” promoting a “Ransomware”. Though we may be relieved that WannaCry did not hurt India as much as it did some other countries, this relief may be short lived and we cannot be complacent. A whole industry is said to be coming up around “Ransomware” as indicated in the following report.

Ransomware: “Let’s Kidnap the Planet!”.

According to this report, ransomware is growing at an alarming rate because there is enormous money to be made. The report says that a study has indicated that 40% of the victims paid the ransom and some malware rakes in upto $ 30 million every 100 days. Hence the menace will continue and new variants of ransomware will keep coming up.

While technology people work out technical solutions to ensure that observed vulnerabilities in systems are quickly and effectively plugged, the Governments also need to device their own strategies and build a multi pronged Counter strategy to defeat the design of these Cyber Financial Terrorists to kidnap the planet for their personal gains or otherwise.

Though the initial crop of ransomware may come from techies who are not conventional terrorists who kill people for religious fanaticism or otherwise, ransomware is a tool which is easily acquired by conventional terrorists and it is reasonable to expect that it should already be in use for fund raising by terrorists not only in Kashmir or Naxalites in India but world over by many rogue elements.

A time has come now for us to initiate some measures which is in the hands of the Indian Government to mitigate the risk. I would like to highlight one such measure here since this is currently under the radar of the Finance Ministry and the RBI.

I am referring to a concept called “Bitcoin”, which is the most successful “Crypto Currency” in circulation in the word and traded in exchanges against legacy currencies like dollars.

There are countries which have formally recognized the Bitcoin as a currency for public to use in exchange of goods and services. There are even ATMs which can be used to withdraw dollars against bitcoin holdings and also for depositing dollars into bitcoin wallets.

The current bitcoin  (BTC) exchange rate is around Us $2000 and about 300,000 exchange transactions take place per day (Source www.coindesk.com).

Countries like China are reported to have invested a huge sum of money to acquire Bitcoins both by mining it themselves and also perhaps by buying from the market.

Bitcoin is created by computer operations which is called “Mining” but the total stock of Bitcoins in the world is limited to 21 million by design and it has become almost impossible now for any ordinary computer user to mine new Bitcoins. Most of the Bitcoins presently acquired are traded Bitcoins. Since Bitcoin has been a currency of drug mafia and other underworld activists, most of the current stock (Which is a commodity in legal sense) is tainted as having been used as “Money Laundering Tool” in the past. Hence most current stocks in India are legally like “Stolen gold pledged with a pawn broker” which is sold and resold.

Now there is a lobby in India which is trying to convince the Government and RBI that Bitcoins should be legitimized in India. Government has even formed a committee to bring in regulations for Bitcoins. The industry has started spreading the rumour that there will be regulation but there will be no ban on Bitcoins in India. Recently, one of the Bitcoin exchanges in India reported that they are receiving more than 2500 new registrants each day.

The confidence with which the industry is claiming that the Bitcoin Regulation Committee will only “Regulate” and not “Ban”  Bitcoins creates a concern that the industry might have already got a hint of the things to come.

Bitcoin technology called “Block Chain” is technically fascinating and there is every possibility that the Committee members may be impressed to accept the technology. Many Banks are advocating its use for authenticating Banking transactions.

There is no doubt that “Block Chain” technology is an innovative technology but the way it has been used in Bitcoins as well as the way it is proposed to be used by Banks in India is not within the legal frame of the country.

Most importantly, there is a level of anonymity in Bit coin transactions which make it the best parking place for Black Money. Though technically, technologists claim that Bitcoins can be traced and FBI has the capability, the challenge is imposing. India is presently not capable of tracing Bitcoins and unless a global coordinated effort is launched, Bitcoin tracing is not practical.

There is a possibility that a Crypto Coin is seeded with a regulatory mark (Like an RBI seal) to make it usable as a replacement of printed paper currency. But the Bitcoin and other Crypto coins in circulation are anonymously generated and is outside the economic system of the country.

Allowing “Non RBI seeded Crypto coins” to be created and circulated is inimical to the economic interests of India and hence if there is any regulation, there should be a total ban on any “Crypto Currency” other than one which is released by RBI.

This is common sense like saying that no currency printed in India is valid as a currency unless it is printed in the Government Mint and carries the signature of the RBI Governor.

The second aspect that we need to recognize that Bitcoin today has become the currency of operation of the ransomware operators and one effective way to curb the menace of ransomware is to eliminate the use of Bitcoin worldwide so that the holdings of Bitcoin become worthless like the demonetized notes.

Just like high denomination notes were demonetized on November 8, 2016, the Government of India should “Demonetize Bitcoins” and force all existing holders of Bitcoins who are citizens of India  to declare their present holdings and convert them to legacy currencies within a certain time of say one week after which holding of Bitcoins should be declared as an offence.

At the same time, we should work on getting other Governments to also take similar steps by raising this issue in the UNO so that we can move towards a global ban of unregulated crypto currencies and more particularly the Bitcoin.

If this is not done, we will have terrorists using Bitcoins instead of Havala to exchange money and pay the stone pelters of Kashmir and other Terrorists, Naxalites and Criminals. Bitcoin Ban will also prevent corrupt politicians, bureaucrats and businessmen from holding their black wealth in the form of Bitcoins.

Hence the request to “Ban Bitcoins” and “All Unregulated Crypto Currencies” should be considered as an extension of the November 8, 2016 move to demonetize Black wealth.

At the same time, Banks who are experimenting with authentication of transactions under the Block chain technology should review the legality of the operations involved before further action is involved.

I would like everybody to remember that Bitcoin is fascinating like the hood of a King Cobra. But we need to keep away from it to remain safe and not try to go near. Some may say, King Cobra can also be handled if we know how to handle. But only those who know the risks know how safe it is to sleep with the King Cobra.

I therefore urge the Indian Government that we should defeat the Cyber Financial Terrorists by choking their source of revenue and one of the first steps in this direction is to ban Bitcoins in India.

I request the Committee looking into the regulation to consider this as a submission from a concerned Indian citizen and take it on record before arriving at their final decision.

Naavi

(Na.Vijayashankar)

Bitcoin supporters are now in a PR thrust mode trying to lobby with the Media and bring influence on the Modi Government for a favourable dispensation including some kind of recognition for Bitcoin.

According to this story “India is preparing Bitcoin Regulations and a Ban is unlikely”

The report makes a categorical statement that “..It is also becoming increasingly likely that authorities will not ban digital currencies in India.”…”..It continues to state “…A televised CNBC report in mid-April revealed that Indian authorities were leaning toward acknowledging bitcoin, granting it a legal status in the country with regulatory oversight by the government.”

However, one of the visitors to the site made the following comment which is revealing.

” Well, That is unlikely but rumors have come that RBI has stated all India banks to close down all accounts dealing with bitcoins. But have avoided giving reasons to the consumers. Axis Bank has started giving notice to the customers who are dealing in Bitcoins to close bank accounts within 30 days. with a reason that “your transactions are to be on serious concerns.” when asked for the reason, they have not replied it yet. One of the Yes Bank Manager had a chit chat with me in this regards (Denied to disclose name) but have stated that they indeed received notification from RBI to close such activities and Axis Bank letter was issued, right after 2 days of that, coincidentally.

I don’t think India is getting towards it, and even if they will, I have strong feelings (Bad Feelings) that they will apply apply such rules which will not be beneficiary for normal consumers to do so. This is my personal opinion and feeling. and I am against that, but truth can not be denied that Indian Government seems to be nervous approving it or rather to say “suffering from fear of adopting new Technology” Since they can not and they will not be able to completely control over it.”

I have earlier made extensive comment on my view that Bitcoin is an “Electronic Commodity” and not a “Currency” in the way people perceive currency such as Rupee or Dollar.

I have also stated a number of times that a majority of stock of Bitcoins in the world have passed through the hands of criminals and are therefore tainted. Acquiring,holding or transacting with these Bitcoins is therefore not supported by law and can be punishable.

Much to the discomfort of many of my friends in the technical circles, I have recently been stating that there is a case for a “Global ban” on Bitcoins because it has become the “Currency that is aiding and abetting Financial Terrorism” through ransomware.

However, enthused by the recent news report that Japan is legalizing the currency the exchange rates of BTC has surged to around $2000. Taking a cue from the news that even Russia may legalize the currency, Bitcoin industry is now going behind the Indian Government and planting stories in media that India also may legalize Bitcoins.

It may be true that the Government might have formed a committee to go into the issue which may work on a regulation for “Crypto Currency” in general. It is a pure speculation that this committee will legalize the “Bitcoins”.

In fact, there is no legal base in India by which “Bitcoin” can be recognized as a “Currency” even if another country like Japan or Russia accords recognition. If the committee suggests such a provision it will be ultravires the law.

Bitcoin community is also trying to confuse the issue with Indian Bankers by riding on the “Block Chain” as a technology and “Crypto Currency” as a concept to strengthen their claim for recognition of Bitcoin.

My opinion is that

a) Bitcoin as an Electronic Document is today considered as some thing similar to a club chip bought for cash. (I am ignoring that the holder can be a miner in which case it could be considered as legal)

It does not come under  the Payment and Settlement Act,  which recognizes three types of “Prepaid Instruments” (Refer RBI circular here) namely  “Closed” system or “Semi Closed” system” or “Open” system.

b) Bitcoin is not a currency since it does not carry the backing of RBI as a legal tender.

c) Crypto Currency as a concept is fine and RBI can consider adopting it as part of its future strategy to issue currency.

d) Block Chain Technology is also fine though I doubt very much that the way it is being implemented as we understand in the Banking circles is ultra vires the Banking laws.

e) Any acquisition of Bitcoin from a foreign holder needs to be in accordance with the Import regulations under FEMA. Any acquisition in India even against payment of white money is only legal if the entire chain of custody of the unit of Bitcoin from its first generation to today has gone through identifiable individuals for legal exchanges only. Only “Mining” is legal but I doubt there is any single person in India who has himself mined a Bitcoin in India.

In the light of the above, it is not possible for the Committee of executives to recommend any form of legalization of Bitcoin. If they do, they are open to legal challenge.

It is possible that some politicians may be in favour of Bitcoins as it is a better form of storing black money particularly in the light of the demonetization of Indian high value currency. I am reasonably certain that many politicians and businessmen are already in possession of their black money holdings converted from their Swiss Bank accounts to Bitcoins.

It is necessary for the Modi Government therefore to ensure that they donot create an alternative mode of holding black money.

Additionally, in view of the entire “Ransomware Industry” being dependent on Bitcoin as a currency , one effective way for the world community to check the spread of Ransomware is by outlawing the Bitcoins on a global scale.

I would like India under Mr Modi to take the global leadership to outlaw Bitcoin even in countries where recognition has already been accorded and get it recognized as the “Currency of the Terrorists”.

Simultaneously, RBI should not allow vested interests to get some form of Block Chain technology to get into the Banking system without being vetted for compliance of Indian laws.

In my understanding,

Block Chain technology works where there is a “Public Ledger” to be kept of transactions which may be authenticated by any member of the public.

Every body tries to solve a puzzle while being witness to the transaction and one of them succeeds. He will be rewarded and recognized as the “Authenticator”.

This system cannot work in the Banking system where authentication is given of a transaction by a Bank with whom the client has a banker customer relationship.

The transaction cannot be tossed around to public and a public ledger of transactions published to a number of people who are not “Power of Attorney Holders of the Bank”.

Also if the number of such participating persons is not large, the system will fail statistically and fake authentications get created. Bitcoin survives because any attempt of creation of a fake authentication is defeated by the very large number of persons who will not authenitcate.

This formula cannot work in the Bank which wants to use a “Block Chain” technology for authentication of any bank transaction.

I request representatives of Banks who are experimenting with Block Chain technology to convince me that I am wrong.

I consider that the Banks are being influenced to endorse the Block Chain technology because it legitimizes the Bitcoin and hence this experiment is being supported by the global bitcoin commodity.

I want NDA Government to recognize that there is no legality in the claim made by Bitcoin that it should be considered as a “Recognized Currency in India”.

Instead I request the NDA Government to take up with the other countries in the UN to establish that there is a global welfare thought in demonetizing Bitcoins and it should be treated as a “Counter Cyber Financial Terrorism Strategy”.

The total Bitcoin wealth around the world is estimated to be valued at US$ 33 billion (Over Rs 2 lakh crores in INR) and all of this is financing Ransomware, Drugs industry, Illegal Arms industry and Black money with politicians etc. If all this wealth is de-anonymized, all countries will benefit from the flow of this wealth into the regular economy.

I hope the members of the “Committee To Advise Government on Bitcoins” are listening.

Naavi

Also Read:

Here’s why Bitcoin prices rose by 60% over a month

Bitcoin is a Speculative Asset, Not a Currency, Says Economics Professor

Despite RBI caution, Bitcoin exchange Zebpay adds 2.5k users a day in India

At Naavi.org..in ransomware context

1. One more reason why there should be global ban on Bitcoins
2. It is time for a world wide ban on Bitcoins

[P.S:. I thank Mr Niket Popat, a security professional from Gujarat for bringing this potential scam to my notice.]

Some time back, we had brought to the notice of the public through our article: “Jio upgrade Phishing..Jio and Hyderabad Police should act” , an attempt to impersonate Jio and cheat public through a phishing site. In the article, I had provided an e-mail and mobile to be investigated.

I am reasonably certain that neither the Police nor the Jio itself took any action in this regard as “complacency” and “”Irresponsibility” is a common trait and it is one reason that India is always moving from one crisis to another. If WannaCry has passed over, there will be other malware that will soon attack us because some body somewhere is negligent and release a software with a bug, or keep the software unpatched or click on a poisoned hyper link.

However, it is one of the duties of security professionals not to lose hope and be optimistic that at least after repeated reminders, some effective action will follow.

Now it is the time of Flipkart and Bangalore Police to take suomoto action on what is being presented here so that possible frauds in the name of Flipkart can be prevented.

We have here an evidence of a preparation by some fraudsters to commit a fraud by impersonating themselves as “Flipkart”. We also have a proof that this is a case of impersonation which is punishable under ITA 2000/8 as a cognizable offence under Sections 66C and 66D with 3 years imprisonment. Also it is business prudence that if some of these frauds go through, it will hurt the image of Flipkart and therefore it is PR issue for the company. Also, if the frauds go through because Flipkart allowed it to go through, we can allege Flipkart to be complicit in the successful perpetration of the fraud by its “Passive assistance” which could be considered as an offence under Section 43 of ITA 2000/8.

A Fake website in the name of www.flipkart-big-sale.com has been registered and hosted by a fraudster with a message indicating sale of a number of popular items at throw away prices just like the 97% discount sale in Amazon reported here some time back.

The victims may make payment of the money and either not get any response, or get fake products or get some junk. The exact manner in which the fraud may take place is not known.

It is also possible that the site may use this offer to get the credit card details with CVV number and then simply reject the payment and sell the information to another fraudster who uses the credit card credentials to fraudulently withdraw the money. Then the victim may not even be able to connect the attempted purchase attempt that has failed to the credit card fraud and find it difficult to recover the amount.

It is possible that the fraud has already started from 17th May 2017 because the website has been registered on that day and there may be already some victims. Soon there will be a number of WhatsApp messages that will go viral and try to make people try this sale offer.

Many may think that Flipkart has just concluded a Big Sale and hence many may think that the the Big sale must still be open and respond to this advertisement.

The website has been registered with GODADDY.COM.LLC who is a registrar accredited by ICANN. If the fraud is successful, both GODADDY and ICANN will be accomplices.

According to the details of registration the website has been registered by a person by name Abhay Shanka, New Delhi with an email address hx90214@yandex.ru. In all probability the address and the phone number may be wrong.

According to the domain name registration rules, GODADDY cannot register domain names when the registration particulars are false.

Registration of a domain name with false particulars is itself a fraud which GODADDY should not condone. We remember that GODADDY is a beneficiary of this domain name registration and hence their hands are not clean.

It may be recalled that in the celebrated “Baazee.com” case where the company and the CEO faced criminal trial for a Section 67 (ITA 2000) offence committed by one of their customers, the fact that Baazee.com was a commercial beneficiary of the transaction was an important point that weighed against the Company.

Though apparently there is a false information, if Police is interested, it is possible to investigate and identify the registrants.

We are aware that recently, Republic TV brought out some information on ISIS activities in Hyderabad at great risk to the life of its reporters which constituted credible evidence. But the Police were reluctant to act. They registered the case and questioned the suspects but did not secure them though the alleged offences were all serious offences where life imprisonment was possible.

At the same time Police in Karnataka are known to have recently arrested an Auto driver for being an administrator of a WhatsApp group in which some objectionable content was posted.

So it all depends on the intentions of a particular police officer. If he is interested, the case is pursued. Otherwise, it is not of interest.

It is however necessary for Flipkart to take action including immediately getting the domain name blocked immediately by sending a notice to GODADDY. It would be better if they file a complaint with the Police so that the matter cannot be ignored.

If Flipkart can make an example of this case and gets the persons involved in the fraud punished, then such fraudsters may think twice before tarnishing the Flipkart name again.

Will Flipkart and Bangalore Police Act? and try to prevent the crime?… Let’s wait and watch.

Naavi

Zomato a leading Mobile App owner and a restaurant guide has suffered a major security breach in which 17 million data sets of customers including the name, email address and hashed password is reported to have been lost.

Read Article here

The hashed passwords are said to have been hashed using the MD5 algorithm which is considered  weak and has already been dis-accredited even in India for a long time.

Most of the customers of Zomato are Indians particularly from the high income group of IT workers who use the App on a regular basis.

It is suspected that the data lost may include the payment details which may include Credit Card and Bank related data.

This is therefore a very serious situation that could in association with the currently prowling ransomware and other malware could create chaos in the Indian Financial Markets.

We have a real Cyber Financial Terror threat on hand and need to defend the situation in national interest.

There are discussions about what kind of liability does Zomato face under Section 43A of ITA 2000/8 for failing to provide “Reasonable Security” for the “Sensitive personal Data”. This is a legal discussion which can be kept for a post mortem analysis.

But what we now need to decide is an action plan on how to handle the crisis. This is a disaster management situation where the Private Sector, the Public Sector as well as the regulators need to come together and find solutions to first contain the damage and ensure that there is no large scale adverse effect on customers of Zomato.

There will be two kinds of Zomato Customers. Those who have downloaded the App and used it for searching the restaurants and those who have further ordered food through Zomato and made payments.

According to Zomato, all payment information on Zomato is stored in  a highly secure PCI (DSS) Compliant vault and hence no payment information or credit card data has been leaked.

Zomato also claims that the passwords leaked are in hash format and hence is not easily readable though there is a claim that MD5 hashing is not secure enough.

On the other hand, the Privacy Policy of Zomato says:

“We assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorized third-party access, or other causes beyond our control.”

It is doubtful that such blanket self declared indemnities are valid in law.

In US, it is common regulatory imposition in such cases for the organization to pick up the cost of “Data Identity Theft Insurance” for a certain period such as 2 years. (Such insurance may cost around $30 per person and in the current instance it would be of the order of $500 million in total). Such an insurance covers consequential losses that may arise to the data subject on account of the current breach.

In India we donot have any precedence of any organization being held liable unless an individual files an Adjudication application under ITA 2000/8.

ITA 2000/8 of course provides an option for the Adjudicator to take Suo Moto action on behalf of unnamed victims and impose a fine on an offender but we can be reasonably certain that no Adjudicator may do so. (In the current case, the jurisdiction may fall on the Adjudicator of Haryana.)

The companies like Zomato are ignorant that there are multiple sections under ITA 2000/8 where civil and criminal liabilities are defined for lack of compliance.

While the company claims PCI DSS compliance, there is no indication of whether the Company is “ITA 2008 Compliant”. It is obvious that the company may not even be aware of the need to be ITA 2008 compliant and like many other companies, big and small, consider Indian laws with a “Chalta hai” attitude while looking at international laws with reverence.

Some are suggesting therefore that this is the time to make Zomato an example and make these companies realize their responsibilities. Naavi has a history of pursuing Banks for their negligence and has been shouting from roof tops that the Start Up companies using Mobile App based business model should also be ITA 2000/8 complaint and should not be blinded by being certified either under ISO 27001 or PCI DSS.

Unfortunately most IT personnel in these companies donot want to take responsibility for running the business fairly and take the consumers for a ride. Professionals in such companies often are not worried since at the first such instance they leave the troubled company and join another company leaving the promoters to go behind bars if necessary.

Promoters on the other hand are often dependent on professionals who donot take any liability for their negligence and end up paying the price.

If CERT-In and the Police are strict in implementing the provisions of ITA 2000/8, most of these companies will find their business unviable under their current business models.

Without further hurting the already hurt Zomato, its promoters and their IT professionals, let us see how the situation can be salvaged.

Zomato presently uses a Privacy Policy and Terms which indicate their present commitments to security which need to be reviewed. A Copy of the Privacy and Terms of use is available here.

The Privacy Policy is an “Implied Contract” which is a “Standard Form Contract” and an “Unconscionable” contract. It is legally unacceptable and hence cannot be defended. This was my argument against Banks and will hold against these companies also.

We can therefore consider that the Company is likely to be held liable to prove its “Due Diligence” with the appropriate authorities and the Courts if required.

It can however be said that ITA 2000/8 compensates when a loss has accrued and not on a possibility of loss. Hence Zomato may not immediately be liable for any actual loss. There is also a lack of “guilty mind” and hence  it can defend against normal criminal charges.

However, regulatory agencies may be able to persuade and it would be a good gesture for Zomato to offer a warranty to its customers in the form of “Cyber Insurance Coverage” against “Any loss that may arise to the customers of Zomato, within the next one year on account of data loss that can be directly attributed to the current breach, subject if necessary to a limit of (say) Rs 25000”. I am sure one of the Cyber Insurers can structure a policy of such nature.

Additionally, Zomato should assure to revise its Privacy Policy and Terms to be in tune with the legal requirements in India and also introduce a grievance redressal mechanism (Which may include the Online Dispute Resolution Facility similar to what is suggested in www.odrglobal.in) .

As a PR exercise it can also provide some discount coupons to soften the impact to all those customers who are willing to forego the Cyber Insurance coverage otherwise offered. (Probably most would opt for this rather than wait for Cyber Insurance).

The CERT on the other hand needs to examine the claim of the company that the critical data lost is in encrypted/hashed state and the risks are containable.  Users will better change at least the VBB associated with the cards (or its equivalent) they might have used in their transactions with Zomato.

Credit Card Risk managers need to create an “Adaptive Authentication Filter” by which any card used at Zomato would be flagged for additional authentication.

With such protective measures we may be able to reduce the impact of the crisis until another reckless App company brings in another crisis for the Citizens of India.

Naavi

I argued yesterday that it is time to place a global ban on Bitcoins .

The reasons were clear. We need to disarm the Cyber Financial Terrorists like those who were behind the WannaCry ransomware and could also be planning for other ransomware attacks with Uiwix and Jaff. We cannot allow these terrorists to benefit by bleeding the market. Even if the current perpetrators are small time fraudsters as some think they are, I anticipate that other professional terrorists including rogue countries such as North Korea and Pakistan would be quick to adopt these ransomware as their own weapons to carry on their proxy war against their own enemies.

Now today’s report says that “Another large-scale cyberattack under way”.

According to this report researchers have discovered a new attack linked to WannaCry called Adylkuzz,  which  uses the hacking tools recently disclosed by the NSA and which have since been fixed by Microsoft in a more stealthy manner and for a different purpose.

Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to “mine” in a background task a virtual currency, Monero, and transfer the money created to the authors of the virus.

This sort of infection had been reported earlier also by one free software and this is a re-play of similar efforts to use the resources of the target computer to mine “Crypto Coins”.

This indicates that all “Unregulated Crypto Currencies” are the likely beneficiaries of such attacks and they need to be addressed as “Tools of Cyber Robbery” though this is more in the nature of a salami attack.

Though Adylkuzz is not directly linked to Bitcoin, it indicates the possibility of “Monero” also developing itself into a currency of the underworld and should be nipped in the bud. Monero is today only in the range of Us$ 27.60 as against Bitcoin which hovers around US$ 1760. It is therefore not as popular as Bitcoin. But soon it can become a Junior Bitcoin and we need to also consider banning such currencies which feed on cyber financial terrorism.

Naavi

Wanna Cry has not only affected companies, but also individuals who donot actually are target audience for payment of extortion money. Hence this advisory for such people.

Leaving all the technical discussions to the experts, I would like to provide the common man’s guide to fighting the ransomware like WannaCry. This advisory is meant for circulation in the Whats App Groups of non technical persons.

If you are not so far affected by WannaCry, consider yourself lucky. But your luck may not hold for long and hence act immediately with the following steps.

1. Disconnect Internet and donot use Internet or E Mail until the following exercise is complete.
2. Buy one external hard disk matching your computer memory and create a full back up of both your operating system and the data.
3. Windows  provides an easy system back up option. You can use it. Additionally data can be backed up manually.
4. Ideally have two back ups, one created through windows and another manually.
5.  Some Anti virus software also provide their own means of creating a recovery disk. Create such a Recovery disk through the anti virus software. Also create another recovery disk through the process recommended by your computer/laptop manufacturer so that you can re-install the operating system from scratch.
6. Some security software manufacturers may provide options for recovering the computer without re-installing the Operating system. But this may be complicated for an ordinary computer user.
7. Now go back to the computer and Internet. Update your Windows to current version (Windows 10) and apply all patches. Download updates to your anti virus software. I advise you to also use a paid version of Malware Bytes or such other dedicated anti malware software as a second defense.

Now you may be ready to face the consequences of a future attack. If there is an attack, donot pay ransom. Re format and restore the OS and data from the back up.

In case you are affected before you have taken the back up, it is most unfortunate. If you feel your data is not that critical, forget the incident as a bad dream and start afresh. Even if you are tempted to pay the ransom, beware that buying ransom amount in bitcoin and paying it to the extortionist is itself a punishable offence since it is classic “Money laundering”. Also there is no guarantee that the data would be restored even after payment.

if you are a professional, keep a record that your computer was in fact attacked. This is by having a certified copy of your desktop with the ransomware message. CEAC.IN will provide the details of how this certificate can be obtained. This is required as an evidence since some time later, the taxman can ask you for the data which you may refuse and he may charge you for not providing the required data and assess you with a penalty.

After certification, you can keep the hard disk preserved so that if in the event that some good samaritan finds a decryption key for the WannaCry int he next few weeks, you may restore your data. In the meantime you may use a new hard disk to continue your activities with the precautions mentioned earlier.

Ensure that you donot spread the infection in your computer to other computers by forwarding infection ridden e-mails and messages. You should yourself now stop responding to phishing mails and clicking on the attachments from unknown sources.

If necessary, open your emails first on your mobiles before opening on the computer. Ensure that your mobile also has a good anti virus program running.

Remember that there would be phishing mails suggesting removal of WannaCry which itself may infect. Be careful even if the e-mail appears to come from “Naavi”. There have been earlier occasions when spoofed e-mails have gone apparently from “Naavi”. I will not take any responsibility for it. It is your responsibility to identify phishing e-mails and act cautiously.

Naavi

(P.S: Experts can suggest corrections if required to the above advisory. You can add your comment so that any person visiting this page would get the benefit of your suggestions.)