SA firms face ransomware spike

Fortinet. (Duncan Alfreds, Fin24)

Cape Town – Cyber criminals have upped the ante by targeting local companies with ransomware, says a security company.

Fortinet says that cyber crooks target South African companies with malicious email attachments.

“In both cases, the ransomware came in via email attachments that looked legitimate to the users who received them. The malware could be hidden in an Excel spreadsheet or docx file, and the only clue that the mail was suspicious would come from analysing the sender address,” said Paul Williams, major account manager at Fortinet, about two recent attacks.

He added that ransomware is on the increase in SA, though few companies are willing to reveal details of attacks.

“Many businesses from all verticals - these businesses will not be vocal about this as it could compromise their stature in the market place,” Williams told Fin24 about companies’ response to ransom demands.

Decryption keys

Ransomware is a scam where criminals will lock down computers and demand a ransom, usually paid in virtual currency. For some, paying the ransom is an easier option than trying to beat the encryption.

Some advised that you should not pay ransom to cyber criminals.

"Paying for ransom is a dangerous option. For starters, there is no guarantee your files will be returned or that the malware will be removed. Will the hacker exploit you again in six months’ time?" said Eset South Africa of ransomware scams.

Security company Kaspersky Lab announced recently that it was sharing a website with decryption keys obtained from busted cyber criminal rings.

“If you pay, you keep the criminal business model rolling. If you don’t, there is no business model for them anymore. Moreover, paying up will not guarantee that your files will be retrieved,” said Jornt van der Wiel, security researcher at Kaspersky Lab’s Global Research and Analysis Team.

Williams said that cyber crooks will “cyber bully” company executives in order to extract a ransom payment.

“This trend for hackers to make targeted attacks demanding something of the victim extends to cyber bullying. We now see attackers hacking the devices or social media accounts of individuals in order to bribe them or make demands of them.”

Increasing problem

Most of the attacks against South African companies originate from Africa, Eastern bloc countries or Asia, Fortinet noted.

“In many cases, hackers target a company’s website in order to make demands, or to use the portal as a gateway to the company’s back end systems. These targeted attacks are done for the purposes of espionage, theft and fraud, or to demand a ransom,” said Williams.

Despite the lack of hard data on the scale of the attacks, Williams argued that the problem was on the increase as companies turned to security professionals when they experienced attacks.

“We are seeing more and more targeted attacks happening locally.”
