The Reserve Bank of India (RBI) has asked banks to improve their banking systems including their ATM networks with a Windows security update to enhance security and protect them from the malware attack that took place over the weekend.

Ransomware or popularly known as WannaCry, ravaged computer systems in over 150 countries, locking up critical data. The hackers dubbed Shadow Brokers promised to free up the data files only after USD 300 dollars were paid in bitcoins. While the spread of the virus has slowed over the weekend, more than 2 lakh computers have been affected so far.

Even as most banks suggest they are not infected, they are required to upgrade their systems with the latest Windows “patches” as a precautionary measure.

Bankers and ATM operators suggest that ATMs work in isolation and are not exposed to the internet on which the malware has roamed free.

Meanwhile, many ATMs may remain closed for software updates as they are seen as being vulnerable since almost all of them are run on Windows software. Also, over 60 percent of the total 2.25 lakh ATMs in the country operate on the outdated Windows XP.

An ATM operator said ATMs may not be as susceptible to this particular attack as there is no data stored in the ATMs which the attackers can hold to ransom. At the most, it can stop ATM functions.

A senior Bank of Baroda official said, “ATMs, mobile applications and core banking solutions work on closed networks, so this attack may not directly impact them. We have updated our patches on an immediate basis under the RBI’s directions. RBI even asked us to get our anti-virus, firewalls and other security measures updated.”

A Kotak Mahindra Bank spokeperson said, “The bank has robust security controls to guard against various cyber-attacks. We have an on-going process of identifying risks and enhancing controls. We monitor our systems round the clock, and our systems and ATMs are well secured. We have educated our employees on the issue, and are keeping them updated on the secure operations of systems. Action has been taken to validate our systems to ensure that they are protected with appropriate patches against ransomware. We have not encountered any incident due to this attack.”

According to another banker, many banks work on outdated systems for not so important functions due to high costs attached to upgrading. Some smaller branches at remote locations may not be working on updated systems and, hence, could be vulnerable.

Microsoft has issued a statement saying that it has developed and released a special update for Windows XP although this particular version of its operating system is no longer serviced by the company.

The Bank of Baroda official quoted above said this is a rare occasion that Microsoft has given an update for the software products which are outdated. “But given the sensitivity of the situation and date on the outdated products, it has given us new patches.”

No bank has explicitly reported any incidents of a malware attack on their systems. However, there are reports of two south-based banks being infected. There have been no confirmation yet from the RBI on the same.