Even as the Centre expressed confidence on Monday that WannaCry ransomware, a malware affecting computer systems across the globe, will have little impact on India, cyber security experts said it is too early to assess the real extent of the virtual attack.
For, the experts believe, the use of pirated or outdated software is rampant among Indian companies, which will not be able to report their losses due to licensing issues.
"MNCs, banks, telecom and big IT firms are prepared to deal with such attacks as they have got their cyber policy in place by installing latest updates, anti-virus software and firewall. But a large number of mid and small firms remain exposed to the threat," Mukul Shrivastava, partner of Fraud Investigation & Dispute Service, EY India, told MAIL TODAY.
Shrivastava said the threat of such an outbreak at the global level should serve as a wake-up call for those establishments using unlicensed software to cut costs.
Cyber experts working with leading audit firms told MAIL TODAY that Indian businesses did get affected by the malware but instead of reporting it to the government, they chose to initiate internal inquiries. There is no legal provision that makes reporting a cyber-breach mandatory for a corporate firm, experts said.
WannaCry is a program targeting Microsoft's Windows operating systems, with which hackers take control of a computer and lock the data until the victim makes a payment in return. This large-scale cyberattack was launched on Friday, when researchers observed 57,000 infections. The hackers demanded payments of $300 to $600 (roughly Rs 19,000 to Rs 38,000) in Bitcoin.
While Microsoft has released "patches" to fix a vulnerability that allowed the worm to spread, experts say these patches were valid only on licensed and updated software.
"Outspread of attack will be more in India as most of the computers are working on pirated versions. The patch by the Microsoft will not work on such a system, making India possibly among the worst affected," said Dinesh O Bareja, a cyber security expert.
Meanwhile, ransomware incidents were reported from Kerala, Kolkata and Andhra Pradesh. However, no corporate office or institution came forward, fearing their brand image would be hit. The impact can only be assessed later this week.
The government too tried to dispel rumours about banking, telecom or aviation being hit by the outbreak. "There is no major impact in India. We are keeping a close watch. There have been isolated incidents in Kerala and AP," Union I&T minister Ravi Shankar Prasad said.
Prasad said a cyber coordination centre will start operating from next month to take precautions against such attacks in future. Besides, the cyber security arm of the Centre has asked banks, stock exchanges, and other vital institutions to safeguard their systems against the malware.
The biggest impact so far has been on computers used by AP Police where 18 units across five districts have been under attack.
There were reports that the virus has infected around 10 computers in the offices of West Bengal State Electricity Distribution Company, state power minister Sovandeb Chattopadhyay confirmed.
The IT ministry has also reached out to agencies such as RBI, NPCI and UIDAI, to warn them about the risks associated with WannaCry, and help secure their systems, to make sure that digital payments in India are not affected. The RBI has notified all banks to operate their ATMs only after updating their software systems.