Here's how ransomware hits SA

2016-04-14 10:21 - Duncan Alfreds, Fin24

Typical ransomware demand. (Duncan Alfreds, Fin24)


Cape Town – Ransomware is increasingly becoming a problem in SA and local companies are not reporting incidents for fear of reputational damage, says a security company.

“Statistics in South Africa remain vague as organisations are reluctant to reveal the extent to which they have been targeted by ransomware,” security firm Panda Security said in a statement to Fin24.

"However, anecdotal evidence points to this being a widespread issue - Panda is increasingly being approached by organisations looking for a real solution after being afflicted with ransomware,” Panda Security said.

Unlike other malware, ransomware targets its victims' finances directly. Once cyber criminals have encrypted data on a device, they demand payment, usually in the form of bitcoins, although electronic funds transfers have also been employed.

“The impact of ransomware is difficult to calculate, since many organisations opt to simply pay to have their files unlocked - an approach that doesn’t always work. But a report on the Cryptowall v3 ransomware campaign, issued in October of 2015 by the Cyber Threat Alliance, estimated that the cost of that single attack was $325m,” said Paul Williams, major account manager for security firm Fortinet.

Number of attacks


According to data from Kaspersky Lab, 41% of South African companies recognise the threat posed by ransomware, also known as cryptomalware.

The malware enters company networks through email attachments. Some of the malicious software programs include Trojan-Ransom.Win32.Onion, Trojan-Ransom.Win32.Locky (known as Locky) and Trojan-Ransom.Win32.Scraper (TorLocker), which cyber criminals have used to demand ransom of at least $300.

Locky, the most recent ransomware, has already been detected in 114 countries and SA has experienced the sixth highest number of attacks at 220, the highest number in Africa.

“Among other Trojans, Locky caught our attention because it was so active and spread so pervasively and quickly. We also noticed that the attacks weren’t partial to any particular region, where we have received notifications about attacks in over 114 countries across all continents – no other ransomware Trojan to date has targeted so many countries at once,” said Fedor Sinitsyn, Senior Malware Analyst at Kaspersky Lab.


Data from Kaspersky Lab shows that 2.3% of South African computers may have had a cyber infection in the last 24 hours.

Experts do not recommend that victims pay ransoms.

"Paying for ransom is a dangerous option. For starters, there is no guarantee your files will be returned or that the malware will be removed. Will the hacker exploit you again in six months’ time?" said Eset South Africa of ransomware scams.

Ransomware programs typically use a 128-bit key to encrypt user files on computers, including those with pdf, doc, docx, xls, xlsx, ppt, pptx, jpg, jpeg, bmp, tiff, png, mpg, mpeg, avi, 3gp, mp4, m3u, mp3, wav, zip and java extensions, among others.

Demands for payment, usually in bitcoins, will begin at about $300, but in many cases the amount is increased the longer you take to pay.

According to Symantec, users’ sentiment toward the encrypted data “can lead to irrational behaviour”, and payment to the cyber criminals.
