27th May 2017, Kathmandu
The world just suffered from the biggest ransomware attack in internet history. The Wanna cry or Warcry ransomware which was released on May 12, 2017, affected more than 200,000 devices in 150 countries.
The ransomware operated on the Eternal Blue vulnerability of Microsoft Windows detected by U.S National Security Agency (NSA) and leaked by the hacker group “The Shadow Brokers.” The vulnerability was found in Windows versions below Windows 10. Realizing the existence of the problem, Microsoft had released a “critical patch” to remove the vulnerability from supported systems on March 14, nearly two months before the attack. But many organizations hadn’t yet installed the updates, resulting in a massive ransomware attack which encrypted important data of thousands of devices including those of FEDx, Britain’s National Health Service (NHS), etc.
We are lucky that though a lot of damage had been done by the attack even in our neighboring countries, India and China, not many cases of this ransomware were reported in Nepal. But is Nepal safe from such attacks In the future? The answer is “No.” A recent report of Kaspersky showed that most of the systems affected by Wanna cry were operating on Windows 7 which is still the most used operating system in Nepal. Further, we Nepalese use pirated software packages which are unsafe and have bugs, making our systems more vulnerable. Many of the important companies and ISPs of Nepal are still operating on old systems which are more susceptible to attacks.
Security is not a product but an ongoing process. A hard look has to be taken on the current systems’ scenario of Nepal. Important systems should be regularly updated, and genuine software packages should be used to reduce the risk of cyber attacks which can cripple our market economy.