India in deep slumber as ransomware attacks, says cyber law expert

Law expert Pawan Duggal said the WannaCry ransomware attack was a clear case of the world caught napping and India is in deep slumber.

Published: 14th May 2017 12:11 AM  |   Last Updated: 14th May 2017 07:12 AM   |  A+A-

cyber crime, Hackers, Cyber bullying

Image used for representational purpose only. (File photo | Reuters)

By Express News Service

HYDERABAD: A few hours after the world woke up to the WannaCry ransomware attack on Saturday, the Telangana state police put out the usual ‘no need to panic’ message.

T Krishna Prasad, additional director-general for technical computer services said the Telangana police website was working well enough, why worry?

Later in the day, S Jayaram, assistant commissioner of police in the cyber crime division of Cyberabad followed up with a wise advisory: “So far we have not received any complaints. Servers must be secured. Systems must be protected with licensed software. The public must refrain from using pirated software. People should be careful about the emails they receive and check before downloading any email attachment.”

However, Supreme Court lawyer and cyber law expert Pawan Duggal said the WannaCry ransomware attack was a clear case of the world caught napping. And India is in deep slumber. “These are only initial reports. Only 24 hours have passed. The actual damage could be far more considering that cyber security is lax in India," Duggal said.

"India is a green field for cyber crime as ransomware does not come under the IT Act or under the Indian Penal Code. There is no national cyber security legislation that can elaborate the roles and responsibilities of stakeholders. As the threat has originated from beyond India, the investigations will end up at a dead end," he added.

Bipin Chandra, the former president of Hyderabad Software Enterprises Association (HYSEA), said Indian IT companies are better placed to withstand a ransomware attack. “They have a heightened sense of security as a vast majority of them are B2B services firms. Their clients ask for a certain level of certification and regular audits. So security awareness is high," he added.

Ransomware attacks are nothing new, he said. Organisations that don’t want to be vulnerable to attacks of the WannaCry kind should get their systems audited. System audit firms identify vulnerabilities and suggest hardware and software to plug the gaps.

Back in September 2016, Kerala's government website was subjected to a ransomware attack. Again, in March this year, the Telangana Forest Department’s local network of 20 computers at its headquarters was found locked by unidentified hackers who locked the files using the RSA-4096 virus. The virus infected the computers after one officer inadvertently downloaded an image file and shared it in the local network. The hackers, suspected to be Russian, then demanded an undisclosed ransom amount to unlock the data.

However, the department failed to kill the ransomware as its encryption with a strong algorithm proved to be be a tough nut to crack.

As a member of the 25-member IT wing (Forest Management Information System, FMIS) of the department told New Indian Express then, "Being a government department, we could not think of paying the hackers a ransom. Besides, there was no guarantee that the hackers would restore the data after payment. The only option left was to forgo the data."

After losing the battle to hackers, FMIS officials deleted the files in the affected computers and beefed up their IT security.

According to NIC, this was the first reported case of ransomware attack on a public system in the state.

Stay up to date on all the latest Nation news with The New Indian Express App. Download now
(Get the news that matters from New Indian Express on WhatsApp. Click this link and hit 'Click to Subscribe'. Follow the instructions after that.)

Comments

Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp