WannaCry; RBI asks banks not to run ATMs without software update

India's central bank, the Reserve Bank of India (RBI), issued an advisory to banks on Monday, directing them to run ATMs only after updating their operating system, state-run broadcaster All India Radio (AIR) reported.

"Our team as well as other ATM operators are working on remote update of patch, whether it can be downloaded and if it is practically possible to remotely push a 60MB file on thousands of ATMs", said Mahesh Patel, president and group chief technology officer, AGS Transact Technologies Ltd, which makes and runs ATMs.

ATM machines are seen as being vulnerable since nearly all of them run on Windows software. There was speculation that one or two small banks in South India may have been affected and that the magnitude of the damage may not be much, said two people familiar with the matter. Also over 60% of the 2.25 lakh ATMs in the country run on the old Windows XP. At the most, it can stop ATM functions.

Report by various security solutions firms over the weekend had claimed that India is amongst the countries worst affected by the "WannaCry" outbreak, accounting for about five per cent of the attacks. We have an on-going process of identifying risks and enhancing controls. A few ATMs running on old Microsoft Operating System remained non-operational as part of precautionary measures. They also told not to operate ATMs unless updates are in place. Action has been taken to validate our systems to ensure that they are protected with appropriate patches against ransomware.

He said, "We've actually been getting attacks today, we don't think it's the actual group who were spreading the malware but another group is trying to attack us so the infections resume".

The daily cited a statement from Microsoft that said the company has developed and released a special update for Windows XP, though the version used by Indian ATM networks "is no longer serviced by the company".

As per reports, the ATMs are highly vulnerable to the malware as most of the machines are still operated on Microsoft WindowsXP. "But given the sensitivity of the situation and date on the outdated products, it has given us new patches". The most disruptive attacks were reported in the United Kingdom, where hospitals and clinics were forced to turn away patients after losing access to computers. Indian banks are notorious for under-reporting cyber crimes and this has even attracted the regulator's criticism.