ATMs go blank after RBI advice to bank on software update

15 May 2017

The WannaCry ransomware attack on computer systems across several countries on Saturday had its effect on the banking system in India with the Reserve Bank of India (RBI) directing banks not to operate their ATMs without a Windows update.

Most of the ATMs in Mumbai and its suburbs did not function, declining a transaction telling customers ''unable to dispense.''

A malicious piece of software that blocks access to computers until money is paid, ransomware WannaCry is said to have swamped machines in over 99 countries, including India. While the ransomware took down computer systems across the world and locked up critical data, the ATM network in India lost the critical data link necessary to function effectively.

The hackers, who go by the name Shadow Brokers, are demanding $300 in virtual currency Bitcoin to unblock access to a user's files and had reportedly received over $25,000 till Saturday morning.

The global cyber attack took down, among others, health service NHS in the UK, a telecom network in Spain and government computer systems in Russia this weekend.

As many as 102 computer systems of Andhra Pradesh Police were hacked on Saturday. The malware reportedly halted production at a Nissan-Renault Alliance plant on the outskirts of Chennai, but the company did not comment on the issue.

''About 100 systems were attacked but as of now there are no more threats," a report in The Times of India quoted National Cyber Security Adviser in the Prime Minister's Office Gulshan Rai as saying.

India is among the most vulnerable because a large number of organisations and individuals still rely on older, outdated versions of the Windows operating system. The country also has the highest number of pirated software users.

ATM operators say there is no threat to customer data on money, but the ATM network is especially vulnerable since almost all of them run on outdated Windows XP software.

RBI has directed banks to ensure that their ATM networks receive a Windows update to protect them from a malware impacting systems across the world before they start operating these.

ATM machines in India are especially vulnerable since over 60 per cent of the 2.25 lakh ATMs in the country run on the outdated Windows XP.

Microsoft has, however, issued a statement saying that it has developed and released a special update for Windows XP although this particular version of its operating system is no longer serviced by the company.

"RBI has asked banks to update specific Windows patches on ATMs urgently and not to operate ATM machines unless updates are in place," said an official with a public sector bank. Banks have passed on the directive to their management service providers.

ATM operators, however, say that there is no threat to customer data on money. "The objective of ransomware is to shut down critical information in networks and prevent access to this data.

In the case of ATMs there is no data stored in the machine. Neither is there storage of any kind of logic that will block transactions.

Even if a machine were to get affected it can be reformatted and put to use immediately," said Manohar Bhoi, president (technology) at Electronic Payments and Services - a management services firm that handles ATMs for public sector banks.

Applying software patches is done by the vendors who supply the ATM. According to Bhoi, this can be done remotely and usually the vendors run their tests on the patch before an update.