Ashish Chandra outlines the legal recourse available for Indian companies facing cyber-attacks

On a pleasant Friday evening in Mumbai last month, my iPhone started flashing with updates on the “WannaCry” virus. With an end-of-week party on my mind, I thought at first that the messages were promoting a new pub. My excitement didn’t last long as media platforms across India gradually revealed WannaCry was a global cyber-attack.

Ten questions arising from such a large-scale cyber-attack are answered below.

1. What is the WannaCry attack and what impact is it having in India?

The WannaCry ransomware attack is an ongoing worldwide cyber-attack by the WannaCry ransomware crypto worm, which targets computers running a Microsoft Windows operating system by encrypting data and demanding ransom payments in the bitcoin cryptocurrency. The attack began on Friday 12 May and has been described as unprecedented in scale, infecting more than 230,000 computers across more than 150 countries.

Based on recent news reports, some government and private establishments in India have been affected. The extent of the damage is as yet unknown.

2. What is the general law in India on cyber security?

The relevant sections of the Information Technology Act, 2000 (IT Act), as amended to date, are as follows:

You must be a subscriber to read this article, or you can register for free to enjoy the current issue.


Ashish Chandra is the former general counsel at Snapdeal. The views expressed are personal and do not constitute legal advice. Readers are advised to consult a lawyer before acting on any points mentioned above. The author can be reached at [email protected].