Here's how ransomware hits SA

Typical ransomware demand. (Duncan Alfreds, Fin24)

Cape Town – Ransomware is increasingly becoming a problem in SA and local companies are not reporting incidents for fear of reputational damage, says a security company.

“Statistics in South Africa remain vague as organisations are reluctant to reveal the extent to which they have been targeted by ransomware,” security firm Panda Security said in a statement to Fin24.

“However, anecdotal evidence points to this being a widespread issue - Panda is increasingly being approached by organisations looking for a real solution after being afflicted with ransomware,” Panda Security said.

Unlike other malware, ransomware targets its victims' money directly. Once cyber criminals have encrypted data on a device, they demand payment, usually in the form of bitcoins. However, electronic funds transfers have also been employed.

“The impact of ransomware is difficult to calculate, since many organisations opt to simply pay to have their files unlocked - an approach that doesn’t always work. But a report on the Cryptowall v3 ransomware campaign, issued in October of 2015 by the Cyber Threat Alliance, estimated that the cost of that single attack was $325m,” said Paul Williams, major account manager for security firm Fortinet.

Number of attacks

According to data from Kaspersky Lab, 41% of South African companies recognise the threat posed by ransomware, also known as cryptomalware.

The malware enters company networks through email attachments. Some of the malicious software programs involved are Trojan-Ransom.Win32.Onion, Trojan-Ransom.Win32.Locky (known as Locky) and Trojan-Ransom.Win32.Scraper (TorLocker), which cyber criminals have used to demand ransoms of at least $300.

Locky, the most recent ransomware, has already been detected in 114 countries and SA has experienced the sixth highest number of attacks at 220, the highest number in Africa.

“Among other Trojans, Locky caught our attention because it was so active and spread so pervasively and quickly. We also noticed that the attacks weren’t partial to any particular region, where we have received notifications about attacks in over 114 countries across all continents – no other ransomware Trojan to date has targeted so many countries at once,” said Fedor Sinitsyn, Senior Malware Analyst at Kaspersky Lab.

Data from Kaspersky Lab shows that 2.3% of South African computers may have had a cyber infection over the last 24 hours.

Experts do not recommend that victims pay ransoms.

"Paying for ransom is a dangerous option. For starters, there is no guarantee your files will be returned or that the malware will be removed. Will the hacker exploit you again in six months’ time?" said Eset South Africa of ransomware scams.

Ransomware programs typically encrypt user files on computers with a 128-bit key, including those with pdf, doc, docx, xls, xlsx, ppt, pptx, jpg, jpeg, bmp, tiff, png, mpg, mpeg, avi, 3gp, mp4, m3u, mp3, wav, zip and java extensions, among others.

Demands for payment, usually in bitcoins, will begin at about $300, but in many cases the amount is increased the longer you take to pay.

According to Symantec, users’ sentiment toward the encrypted data “can lead to irrational behaviour”, and payment to the cyber criminals.
