The attack was presumably a first on a GoI portal.
The corporate affairs ministry’s key portal for making filings by companies — MCA21 — came under WannaCry ransomware attack last month, affecting certain services. The attack was “presumably” the first on a central government portal and prompt measures were taken to contain the impact, according to an official document. Last month, the WannaCry ransomware cyber attack impacted computer systems and networks in more than 150 countries, including India. MCA21, which is managed by IT major Infosys, provides for making electronic filings related to compliances under the Companies Act and Limited Liability Partnership Act, 2008.
“During May 2017, the MCA21 system was subjected to WannaCry ransomware attack. The attack was in the nature of a ‘zero day attack’ and was first noticed on May 7,” the document said.
Generally, zero day attack refers to hackers exploiting a flaw in a software system that is not known to the vendor itself. ALSO READ: Google’s Railwire Wi-Fi service among worst hit networks by WannaCry ransomware attack: eScan report
“The attack was presumably one of the first such attacks on a Government of India portal,” the document stated.
While some document related to front office and back office services were initially affected, technical teams took prompt measures to contain the impact and informed the CERT-In immediately, it added. CERT-In is the government’s cyber security arm. As per the document, the system servers were re- formatted and the systems were re-deployed. ALSO READ: Lord Balaji Temple in Tirupati and city hospital in Odisha hit by WannaCry ransomware: Report
“The prompt measures helped all services being restored fully without any loss by May 12,” it said.
Contacted for comments on the matter, an Infosys spokesperson said, “We recommend a conversation with the (corporate affairs) ministry on this matter.”
The query sent to Corporate Affairs Secretary Tapan Ray remained unanswered. An e-governance initiative of the ministry, MCA21 enables secure access of the services to corporate entities, professionals and citizens of India. On an average, at least 8,000 filings are made through the portal daily. Last month, the government had said there was no serious impact on the country from a global ransomware cyber attack, except for a few isolated incidents in Kerala and Andhra Pradesh, and that steps were being taken to deal with any future threat. ALSO READ: WannaCry ransomware attack: Microsoft Windows 7 most affected OS, XP count insignificant says Kaspersky
“There is no major impact in India unlike other countries. We are keeping a close watch. As per the information received so far, there have been isolated incidents in limited areas in Kerala and Andhra Pradesh,” Information and Technology Minister Ravi Shankar Prasad had said on May 15.
The WannaCry attack is reported to have impacted over two lakh computers in more than 150 countries. Hackers were believed to have used techniques stolen from the US National Security Agency to encrypt files within affected computers, making them inaccessible, and demanded USD 300 ransom. ALSO READ: WannaCry ransomware ‘highly likely’ to be the work of North Korea’s Lazarus Group: Symantec