WannaCry ransomware attack: How safe is your ATM?

0
379

May 15, 2017

As the global cyberattack called WannaCry cripples agencies across the world, experts say that ATMs in India are likely to be spared.

Ever since news of the cyberattack surfaced last Friday, people have been nervous about the safety of their data and money, leading many to speculate that ATMs might be the next target of this ransomware.

May 15, 2017

As the global cyberattack called WannaCry cripples agencies across the world, experts say that ATMs in India are likely to be spared.

Ever since news of the cyberattack surfaced last Friday, people have been nervous about the safety of their data and money, leading many to speculate that ATMs might be the next target of this ransomware.

Experts explain, 80% of ATMs in India operates on Windows XP, on top of that there is a firmware that runs it. This firmaware uses a method called “whitelisting of services” to ensure that only a certain number of activities can be performed through an ATM, such as, withdrawing money, checking account balance etc. Other activities are blacklisted preventing a ransomware to attack and cripple it.

“Most ATMs in India use whitelisting services to eliminate threat from malwares/worms within their internal networks. The WannaCry ransomware does not look like something that will affect the ATMs in anyway unlike personal/corporate endpoints,” said Saket Modi, CEO and co-founder, Lucideus. Lucideus is an IT risk assessment and digital security services provider.

WannaCry has struck banks, hospitals, government agencies across 150 countries and has been exploiting known vulnerabilities in older Microsoft operating systems to infect computers.

This fast-spreading malware is the first ever detected virus to combine both a worm — which enables it to penetrate into a network from a single infected computer locking files in its wake — and a ransomware, demanding $300 in Bitcoin virtual currency to unlock systems.

The panic among people is palpable, just last year in October, a server hack had hit Indian ATM’s corrupting over 3 million cards issued by 19 Indian banks.

At that time, the attack was on one of the companies that provide the ‘switch’ for ATMs. Companies such as FSS, CMS and Hitachi Payment Services provide the ‘switch’ — a payment transfer engine that allows the ATM software to connect to interbank networks.

Most switches are in remote locations, not at the ATM itself. A bank branch that has an ATM is likely to managing its own switch, but the rest may be maintained by agencies such as Hitachi.

To ensure safety against any breach, this time, the IT ministry has reached out to key stakeholders like RBI, National Payments Corporation of India, NIC and UIDAI (Aadhaar) to protect the digital payments ecosystems against the ‘WannaCry’ ransomware.


Courtesy: HT