What to do as Ransomware Continues to Attack South Africa
#Ransomware #SouthAfrica #Attack #Bitcoin
It was only a few years ago that the term “ransomware” was only known to those in the cybersecurity world or those that had been victims of the Trojan attacks. What once began as small “hits” on the computers of private consumers had such a level of success that the cybercriminals began to invest their ill-gotten gains into more sophisticated methods. This focus allowed them to launch new and insidious goals for bigger profits as they put their eyes on organisations that could not afford to have their systems taken down. From hospitals to infrastructure, the cybercriminals relied upon the lack of education of staff to the dangers of ransomware and the methods that it is spread. The attacks have been devastating in South Africa as more companies and organisations have suffered from ransomware attacks and high dollar Bitcoin payments demanded for the release of their systems.
Systems Down, Data Stolen
Criminals that use ransomware have a two-fold method of profit. The first is their ability to encrypt entire networks and demand incredibly high payments. The second is, while the system is locked, they can steal valuable data from the network and sell it on the Dark Web. In the case of the July 22, 2021 attack on the ports controlled by Transnet, the ransomware strain is believed to have come from Russian and Eastern European crime gangs that created ransomware known as “Death Kitty.” The attack crippled over half of the shipments in Africa.
Why These Attacks are Happening
The largest problem regarding ransomware in South Africa is that a majority of organisations have taken little or no steps to be proactive against these attacks. Since ransomware takes advantage of a staff member opening an infected pdf or visiting an infected website via a URL link sent to them, it demonstrates that education and training are sorely needed to help to prevent these incidents. Another aspect of the success of cybercriminals is that most of the organisations don’t have trained IT or cybersecurity staff that can recognise and put actions in place. Many companies don’t discover that they have been attacked for days, until their systems are locked and they receive a “ransom” contact.
Taking Action Before an Attack
Ransomware and cyber attacks are escalating around the globe costing companies, countries, and organisations billions every year. Protecting against these cybercriminals is now considered to be part of the cost of doing business and requires:
The loss of data and the cost of downtime for any network may be the most notable price to pay when an organisation succumbs to a ransomware attack, but the loss of credibility, reputation and important customer and proprietary data is something that some companies can never get through. Ransomware attacks have caused such damage that it has shut entire organisations down.
“In our digital world there is now a requirement for everyone to be aware of and trained on the methods needed to protect against cybercrime such as ransomware. DaVinci Cybersecurity are experts at bringing the kind of risk analysis, recommendations, training, and cybersecurity insurance that organisations need.” Sharon Knowles, CEO DaVinci Cybersecurity
Originally published at https://davinciforensics.co.za on October 29, 2021.