Will Microsoft face the brunt of ransomware attack that hit Indian users?
Since the turn of the year, millions of Microsoft users have seen the security of their computers breached and their valuable personal data fall into the hands of hackers. Increased malware activity has resulted in a steep rise in the number of ransomware attacks across the globe.
Recently, the ransomware "Petya" stirred panic after its demanded worth $300 for setting free computers caught in its web. Even though the majority of the infections were reported from US and Europe, India too was badly affected. According to a report released by cyber security firm Symantec, India was the seventh worst hit country in an attack with alleged links to Russia.
However, "Petya" was by no means the worst 2017 had seen. Earlier in the year, a ransomware called "WannaCry" held hostage a record 2,00,000 plus systems worldwide. The attack, dubbed as the largest such cyber assault of its kind, was eventually contained but left many questions in its wake.
Contrary to the Indian government's claims of the ransomware not touching Indian shores, cyber security experts revealed that the country was again one of the worst hit by the ransomware attack.
Why computers in India one of the most vulnerable?
These vicious pieces of code created to extort money from users by holding their data to ransom were designed in a way that they only need one vulnerable computer on a given local network to cause havoc. Having found a prey, "WannaCry" and "Petya" would then automatically spread itself to all linked computers.
But what made these ransomware attacks so potent? As was later exposed in the case of "WannaCry" the ransomware exploited a vulnerability found in the older versions of Windows such as XP which is still being used on the majority of the system across the country.
Indian government attempt to fix the situation
As per reports, the Indian government, however, is ready to remedy the situation, but not in the way Microsoft would have hoped. Holding Microsoft partially responsible for the problem at hand, the government is "pressing" Microsoft to offer a one-time deal to millions of Windows users in the country so that they can upgrade to the latest Windows 10 operating system "at less than a quarter of the current price".
Speaking to Reuters, India's cyber security coordinator, Gulshan Rai has revealed that Microsoft officials have "in principle agreed" to the request. However, one can only imagine they would not be too excited about it.
The tech giant agreeing to any such demand would not only leave it with several billion dollars in lost revenue but also set a precedent that could be exploited by other countries to strong-arm Microsoft into offering discounted upgrades to them in the future.
Is the government justified in making Microsoft pay?
But is the Indian government justified in putting Microsoft at the end of such a demand that would see it provide their expensive software – Windows 10 Home currently retails for 7,999 rupees – at "throw away prices"? Well, the answer to that is yes!
The "WannaCry" ransomware attack becoming a major threat was partly down to Microsoft's unfair treatment of millions of users running a paid product that Microsoft deemed "unsupported".
A deeper look into the Trojan's frantic spread reveals a callous disregard on Microsoft's part for users of its older operating systems. Interestingly, the company had rolled out updates to "patch the ransomware vulnerability" for Windows 7, 8.1, Vista SP2 and Windows 10 earlier this year on March 14, but only released "Security Update KB401258" to address the issue for less-popular Windows Server editions, including Windows 8, Vista, XP platforms once millions of computers were infected.
At the time of the attack, Microsoft not only held back from assuming responsibility for exposing hundreds of thousands of users to extortion by cyber attackers, but also asked them to take this as a warning call over their continued insistence to use a product they paid Microsoft good money for.
The government's demand of Microsoft now is thus justified, as in some ways it leads to the technology giant being held responsible for purposely leaving its paid customers at the risk of a major cyber attack.