NEWS UPDATE: Ransomware Attack on Vashi Hospital Navi Mumbai, MH INDIA

NAVI MUMBAI, MAHARASHTRA: MGM Hospital, Vashi, has been the target of hackers and a ransomware attack. A hacker locked the data on the hospital’s IT systems, mainly computers, and sent a web link demanding a ransom in bitcoins to unlock the data.

MGM Hospital’s management has lodged a complaint with the cyber crime cell and an FIR with Vashi Police Station under sections 43 and 66 of the IT Act.

HOW DID THE HOSPITAL STAFF REALISE THE ATTACK ON THEIR COMPUTERS?

On Sunday, a staff member who had remote access to the hospital’s network from his residence received a system alert message displayed on screen, saying that their computer(s) had been hacked and that they had to contact the culprits (hackers) to retrieve the data.

WHAT MEASURES DID THE HOSPITAL TAKE TO STOP THE ATTACK FROM SPREADING ALL OVER THE COMPUTERS IN THE HOSPITAL INFRASTRUCTURE? 

The hospital authorities switched off all the computers that were part of the hospital’s local network. But it was too late, as all the computers were already infected.

WHAT WAS DISPLAYED ON SCREEN OF THE INFECTED COMPUTERS?

It said that the system had been hacked and the hospital should contact the culprits on the provided email address to retrieve the data.

HOW MUCH AMOUNT WAS DEMANDED?

The web link sent by the hacker contained the ransom demand, but the hospital authorities did not open the link. The hacker asked for payment in bitcoins.

As of now, the hospital’s administration is working smoothly and there is no financial loss. Hospital staff might have clicked on a spam link sent from a suspicious email, which might have caused this. The hacked data covered 15 days.

Source: Times Of India, The Hindu

WHERE DID IT ALL START?

May 12, 2017 saw the biggest ever cyber attack in the history of the Internet. A ransomware named WannaCry stormed the web worldwide and was bigger than the Dyn DDoS attack, which disrupted internet-related services and platforms in Europe and North America on October 21, 2016.

WannaCry leveraged a vulnerability in the Windows operating system that was first discovered by the NSA and then publicly revealed by The Shadow Brokers (TSB), a hacker group that was active in 2016 and published several leaks containing hacking tools from the National Security Agency (NSA). The exploits and vulnerabilities in those leaks targeted enterprise firewalls, antivirus software and Microsoft products.

In the first few hours, around 200,000 machines were found to be infected, and many big organisations were crippled by the attack. But it wasn’t the only one: a few weeks later a ransomware named Petya started spreading worldwide, affecting companies, banks, hospital medical machines and general computer users.

Ransomware attacks have been a growing trend over the last 3 years, and will keep spreading in new avatars and revisions as time passes. Ransomware creators and the other cyber criminals involved are remorseless. They have automated their attacks to the point of targeting anyone and everyone, so within a few seconds all of a victim’s data is encrypted and the victim has just a few hours or days to pay hundreds or thousands of dollars to get it back. Unless they have a backup, which most people don’t.

SO, HOW DO YOU STAY PROTECTED FROM RANSOMWARE ATTACKS?

1. Backup your data regularly

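Don’t just store your important documents on your PC; get an external hard drive or a Network Attached Storage (NAS) like https://tensaicomputers.com/product/x-nas/ or https://tensaicomputers.com/product/uni-nas/, which keeps your data safe and secured from any corruption or ransomware attacks. Keep at least one backup copy disconnected from the computer when it is not in use, because ransomware also encrypts external drives and network shares that the infected machine can reach.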

2. Make sure your Operating System is updated

It is easier for hackers to target a computer that isn’t updated from time to time. An operating system relies on a large number of certificates and plugins to function securely and efficiently, and each has its own issue date and expiration date. So operating system updates as well as security updates are necessary to keep your computer protected from hackers.

3. Avoid clicking on web links or activating macros in malicious documents sent in anonymous e-mails

It is a usual practice for hackers to send a link with infected code to your e-mail to gain access to your computer and personal data. Also, never download any attachments from Inbox or Spam e-mails sent by unknown senders. Turn off macros in Microsoft Office Suite – Word, Excel, PowerPoint etc. in your browser.

4. Adjust browser security and privacy settings for increased protection

Browser security settings matter the most. If you don’t use the Adobe Flash, Adobe Reader, Java and Silverlight plugins, remove them from your browser. If you use them only sometimes, set the browser to ask you whether you want to activate the plugins.

5. Using Ad Blockers

Ad blockers are software programs as well as hardware devices that are connected to your network infrastructure, so that all of your network communication to and from the router is diverted through the ad blocker. This makes sure you don’t accidentally click on spam links displayed on web pages.

6. Use Guest Account on your operating system

Avoid using administrator accounts. As the name says, administrator accounts have high-level privileges which, if under a hacker’s control, could cause massive destruction, so it’s better to use Guest accounts with limited, low-level privileges.
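For point 3 above, one way to check and turn off macros for the current Windows user in desktop Word, Excel and PowerPoint. This is an added example, not part of the original article; it assumes Office 2016/2019/365, which keep per-user settings under the `16.0` registry key, and the function names are hypothetical.

```powershell
# Added example: audit and tighten the Office macro setting for the current user.
# Assumption: Office 2016/2019/365 (registry version key 16.0).
$officeVersion = '16.0'
$apps = 'Word', 'Excel', 'PowerPoint'

# VBAWarnings values: 1 = enable all macros, 2 = disable with notification,
# 3 = disable all except digitally signed, 4 = disable all without notification.
$desired = 4

function Get-MacroSetting {
    param([string]$App)
    $path = "HKCU:\Software\Microsoft\Office\$officeVersion\$App\Security"
    # Returns $null when the key or value does not exist (Office default applies).
    $value = (Get-ItemProperty -Path $path -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
    [pscustomobject]@{ App = $App; Path = $path; VBAWarnings = $value }
}

function Set-MacroSetting {
    param([string]$App, [int]$Value)
    $path = "HKCU:\Software\Microsoft\Office\$officeVersion\$App\Security"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name VBAWarnings -Value $Value -PropertyType DWord -Force | Out-Null
}

foreach ($app in $apps) {
    $before = Get-MacroSetting -App $app
    if ($before.VBAWarnings -ne $desired) {
        Set-MacroSetting -App $app -Value $desired
    }
    $after = Get-MacroSetting -App $app
    $shown = if ($null -eq $before.VBAWarnings) { 'unset' } else { $before.VBAWarnings }
    '{0,-10} before={1} after={2}' -f $app, $shown, $after.VBAWarnings
}
```

Restart the Office applications for the change to take effect; in a managed environment the same value is normally enforced through Group Policy rather than per-user registry edits.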

Please take the threat of ransomware seriously and do something about it before it hits your data. I’ve seen too many cries for help and too many people confused and panicked when their files get encrypted.

If you work in a hospital and you trigger a crypto-ransomware infection, it could actually endanger lives. Knowing how to prevent ransomware attacks is a must-have set of knowledge and techniques, and you can apply it both at home and at work.

So, what do Section 43 and Section 66 of the IT Act include?

Section 43: Penalty and compensation for damage to computer, computer system, etc.
If any person without permission of the owner or any other person who is in-charge of a computer, computer system or computer network, or computer resource:

  1. accesses or secures access to such computer, computer system or computer network;
  2. downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
  3. introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
  4. damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;
  5. disrupts or causes disruption of any computer, computer system or computer network;
  6. denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means, provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made there under;
  7. charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network, he shall be liable to pay damages by way of compensation to the person so affected.
  8. destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility by any means;
  9. steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage;

Section 66: Criminalises the sending of offensive messages through a computer or other communication devices. Under this provision, any person who by means of a computer or communication device sends any information that is:

  1. grossly offensive;
  2. false and meant for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will;
  3. meant to deceive or mislead the recipient about the origin of such messages, etc, shall be punishable with imprisonment up to three years and with fine.

 
