Cape Town – Cyber criminals have upped the ante by targeting local companies with ransomware, says a security company.
Fortinet says that cyber crooks target South African companies with malicious email attachments.
“In both cases, the ransomware came in via email attachments that looked legitimate to the users who received them. The malware could be hidden in an Excel spreadsheet or docx file, and the only clue that the mail was suspicious would come from analysing the sender address,” said Paul Williams, major account manager at Fortinet, about two recent attacks.
He added that ransomware is on the increase in SA, though few companies are willing to reveal details of attacks.
“Many businesses from all verticals - these businesses will not be vocal about this as it could compromise their stature in the marketplace,” Williams told Fin24 about companies’ response to ransom demands.
Decryption keys
Ransomware is a scam where criminals will lock down computers and demand a ransom, usually paid in virtual currency. For some, paying the ransom is an easier option than trying to beat the encryption.
Some advised that you should not pay ransom to cyber criminals.
"Paying for ransom is a dangerous option. For starters, there is no guarantee your files will be returned or that the malware will be removed. Will the hacker exploit you again in six months’ time?" said Eset South Africa of ransomware scams.
Security company Kaspersky Lab announced recently that it was sharing a website with decryption keys obtained from busted cyber criminal rings.
“If you pay, you keep the criminal business model rolling. If you don’t, there is no business model for them anymore. Moreover, paying up will not guarantee that your files will be retrieved,” said Jornt van der Wiel, security researcher at Kaspersky Lab’s Global Research and Analysis Team.
Williams said that cyber crooks will “cyber bully” company executives in order to extract a ransom payment.
“This trend for hackers to make targeted attacks demanding something of the victim extends to cyber bullying. We now see attackers hacking the devices or social media accounts of individuals in order to bribe them or make demands of them.”
Increasing problem
Most of the attacks against South African companies originate from Africa, Eastern bloc countries or Asia, Fortinet noted.
“In many cases, hackers target a company’s website in order to make demands, or to use the portal as a gateway to the company’s back end systems. These targeted attacks are done for the purposes of espionage, theft and fraud, or to demand a ransom,” said Williams.
Despite the lack of hard data on the scale of the attacks, Williams argued that the problem was on the increase as companies turned to security professionals when they experienced attacks.
“We are seeing more and more targeted attacks happening locally.”