Ransomware Scare: CERT-In Issues Alert, Advisory on WannaCry

Maharashtra and Andhra Pradesh were two of the first states to be affected by the virus. 

2 min read
Ransomware Scare: CERT-In Issues Alert, Advisory on WannaCry

The Computer Emergency Response Team of India (CERT-In) has alerted internet users in the country against the WannaCry ransomware virus, that critically infects work stations, and locks them remotely. Over the weekend, over 150 countries were affected by the virus, that is expected to affect workstations in India on 15 May.

On Sunday, the Maharashtra police department said it had been partially hit by the ransomware. The Gujarat government began equipping its state computer systems with anti-virus softwares and upgrading its Microsoft operating systems.

The red-coloured 'critical alert' was issued by CERT-In, the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.

It has been reported that a new ransomware named as WannaCry is spreading widely. WannaCry encrypts the files on infected Windows systems. This ransomware spreads by using a vulnerability in implementations of server message block (SMB) in Windows systems. This exploit is named as ETERNALBLUE.
Alert issued by CERT-In.

Following the alert, the Gujarat government kickstarted the process of equipping its state computer systems with anti-virus softwares, and upgrading its Microsoft operating systems.

Computers linked to the Gujarat State Wide Area Network (GSWAN), one of country’s largest IP-based IT infrastructure connecting taluka-level government offices to the state capital with around 45,000 computers, are being monitored closely, said Science and Technology Department Secretary Dhananjay Dwivedi.

A cyber ransomware is a type of malicious software that blocks access to a computer system until a sum of money is paid through the online medium.

Users have been advised to apply patches to their Windows systems in order to prevent its infection and spread.

The ransomware virus also drops a file named '!Please Read Me!.txt' which contains the text explaining what has happened (to the computer) and how to pay the ransom.

The stakeholders’ organisations include NIC for all government and state government systems, RBI, NPCI and UIDAI for protection of digital payment ecosystem, Department of Telecom to alert the ISPs for security of telecommunication network, Data Security Council of India (DSCI).
Statement by Ministry of Information and Technology

CERT-In has informed that many systems in Andhra Pradesh have been affected by the ransomware virus and that these PCs are isolated and not connected to larger networks.

Tips To Curb Spread or Avoid Infection

  • Check regularly for for the integrity of the information stored in the databases
  • Check the contents of backup files of databases for any unauthorised encrypted contents
  • Do not open attachments in unsolicited emails even if they come from people in your contact list
  • Never click on a URL contained in an unsolicited email, even if the link seems benign
Individuals or organisations are not encouraged to pay the ransom as this does not guarantee files will be released. Report such instances of fraud to CERT-In and law enforcement agencies.
Advisory by CERT-In

The IT Ministry said it has initiated contact with relevant stakeholders in public and private sector to advise them to patch their systems as per CERT-In's advisory.

(With PTI inputs.)

(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)

Speaking truth to power requires allies like you.
Become a Quint Insider

or more


3 months
12 months
12 months
Check Insider Benefits
Stay Updated

Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.

Join over 120,000 subscribers!