- Ransomware attacks are now on the increase and they have shaken the world after a Swedish retail firm was forced to close 800 of its stores
- Cybercriminals are now using smart and complicated mechanisms when choosing victims who are often unaware that they may not be able to access their files again
- Briefly News looks at how ready South Africa is to deal with a cybercrime of the same magnitude as the Swedish attack
By Llyod Dlongolo Nxumalo - Freelance Journalist
Ordinary South Africans are now embracing digital technological advancements with the advent of the Fourth Industrial Revolution (4IR).
The surge in the number of technology consumers has made organisations, companies and individuals more prone to cyber-attacks.
The world woke up to shocking news on Sunday 4 July when the Swedish Coop grocery store had to shut down all their 800 stores because of a ransomware attack.
The retail giants were unable to operate their cash registers, which had been encrypted.
This became one of the biggest ransomware attacks in history. While analysts focused on how brazen the attack was, the issue of cybersecurity became another headline grabber.
How the Swedish Coop situation unfolded
According to media reports, the hackers launched an attack on Swedish Coop hours after they had hacked into United States tech provider Kaseya's servers.
Having found their way into the Kaseya system, they boldly navigated their way through the company's desktop management tool (VSA) and pushed malicious software to infect tech management providers that serve thousands of businesses. Swedish Coop was one of them.
Miami-based Kaseya said it was working with the FBI and that only about 40 of its customers were affected directly. It did not comment on how many of those were providers that in turn spread the malicious software to others.
The tech-savvy gang behind the attacks has been identified as REvil.
Apart from Swedish Coop, state railways services and a pharmacy chain also suffered disruption.
Ransomware remains a major threat worldwide. The chief information officer of a top South African insurance brand, Jessica Mncube, is of the notion that ransomware attacks are orchestrated by sophisticated tech gurus.
"The ransomware issue is a complex one but the goal is always the same. That of fleecing money from their victim. Cyber criminals are not your typical fly-by-night criminals. They have elaborate means of choosing, stalking and attacking their victims. They do not just attack," she said.
Mncube reiterated that ransomware attackers had swiftly moved from just encrypting systems to encrypting the data as well.
According to an online tech security website, ransomware is a form of malware that encrypts a victim's files. It is usually orchestrated by a group of tech-savvy hackers.
Once they have encrypted their victim's files, the hacking gang eventually starts demanding ransom from the victim for them to restore access to the data upon payment.
Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin.
The reason for using Bitcoin is to block authorities from tracing them.
"Cyber security therefore becomes a bone of contention. Remember a print is captured every time a computer is used. Bitcoins worth millions of dollars have been recovered from hackers as a direct result of that print," said Miss Mncube.
South Africa has not been spared
Cyber attacks are more likely to occur in South Africa than any other African country. That is because South Africa is ranked third in the world for the highest number of users experiencing targeted ransomware attacks.
It is a scary statistic considering that most South Africans have embraced the Fourth Industrial Revolution and are now transacting more online.
Ransomware attacks are not new in South Africa. Several companies have been in the recent past, Daily Maverick recently reported.
In ransomware attacks, malware encrypts files on a device or network, making the system inoperable. The people behind these types of cyberattacks typically demand a ransom in exchange for the release of data.
PWC Forensics Technology Solutions leader, Junaid Amra, believes companies in the manufacturing and mining industries are most likely to come under attack.
"They face a myriad of different cyber threats. But most local companies have been very relaxed in regards to beefing up their IT security. They are not prioritising the implementation of the appropriate mitigation strategies.
"Technology is constantly evolving and the adoption of various mechanisms influences more attacks on organisations. A ransomware attack had far reaching and potentially devastating consequences.
"Companies in the mining and manufacturing industries must ensure that they employ the correct controls to improve security and protect their assets," he said.
According to antivirus software manufacturers Kaspersky, 42% of ransomware victims paid the fee hoping to get their files back. Unfortunately, in this game nothing is guaranteed as just 24% of the victims actually managed to get their data back.
How ransomware affects South Africa
The most publicised attack was that of City Power that was locked out of its system in 2019. The situation, however, was dealt with quickly.
However, according to Mncube, it could have been a whole lot worse. Many suburbs would have been plunged into total darkness.
Mncube further explained how businesses and individuals are affected by ransomware attacks:
"Cyber criminals are now smarter when launching their attacks and they tend to hit when it's least expected. A ransomware attack on a business can take years to fix because it is about so much more than just decrypting and restoring data.
"This is because the entire system will need to be rebuilt. Remember operational downtime as well as customer impact have to be considered. Businesses tend to lose out more on generating revenue.
"The impact ransomware attacks have on individuals are also diverse. In the past we have seen lost academic days, delayed hospital assistance, transportation woes, panic buying, fuel shortages etcetera," she said.
Sophos, which announced the findings of its global survey The State of Ransomware 2021 , reveals the global average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761 106 (R11 million) in 2020 to $1.85 million (R26.5 million) in 2021, ITWeb reported.
Encrypting data is the only solution
While ransomware attacks are like a virus that can strike at any time and without warning, dealing with it is of paramount importance.
Revered technology writer Toby Shapshak insists the best way of dealing with cybercrime is protecting data layers.
Taking to his weekly column in the Daily Maverick, Shapshak likened data protection layers to that of a house that has extra security such as an electric fence, cameras, dogs, etc.
"Protecting your data requires the same kind of multiple levels of protection and detection. The SolarWinds hack of multiple US government agencies last year wasn’t picked up because once the intruders were in their systems, there was no additional security.
"A simple security check on how much data was moving internally may have revealed strange activities. This is how the African Union discovered gigabytes of data being moved out of its parliament building by the company that installed it – and was siphoning off a copy of whatever was on the system," he said.
He added that the other crucial thing – not just for businesses but everyone – was backing up data.
"For a big firm with lots of customer information, that data should be encrypted, and the backups should also be encrypted," he said.
Considering that restoring an entire system could take years after it has been attacked, the more feasible solution is prevention.
Heartbreaking stories of the ailing masses and the businesses lost to destruction
In other news, Briefly News reported that there has been an outpouring of anxiety by South Africans at large as a dark cloud lingers over the skies of our beautiful land in recent days.
Citizens have expressed shock and dismay with many wondering when a sense of normality, albeit the new one brought about by the Covid-19 pandemic, will return.
Chaos has become the order of the day with the wailing cries of pain and destruction the only sound to pierce the once relative peace of the night across South Africa. Many untold stories feature prominently in what has become a raging cascade of suffering, particularly in parts of Gauteng and KwaZulu-Natal, the two provinces at the forefront of the country's battle against total lawlessness.
The extent of it all is unspeakable with the damage to property, including malls, shops, warehouses and residential houses, amounting to excessive amounts.
In the midst of it, Briefly News reached out to the ordinary citizens of South Africa; those who have borne the brunt of a new kind of pandemic, one which started as a protest against the incarceration of former president Jacob Zuma but soon spiralled into a frenzy of glaring criminality.
To read more about their heartbreaking stories, click here.
Enjoyed reading our story? Download BRIEFLY's news app on Google Play now and stay up-to-date with major South African news!