How ransomware has cost some Fin24 users thousands

2016-04-15 09:06
Post a comment 0

Ransomware targets South Africans. (Duncan Alfreds, Fin24)


Cape Town – South Africans have expressed their anger at cyber criminals who exploit them with ransomware, according to responses from Fin24.

Fin24 recently reported that ransomware scams are targeting South Africans, with criminals demanding payment of around $300 to unlock documents.

READ: Here's how ransomware hits SA

While corporates may have sophisticated systems to respond to ransomware, small businesses face hardship when hit.

“I work in a family business and we have recently been hit with the Locky virus. I confirm that it is absolutely dreadful when your staff members come up and say that their stuff is missing. The virus basically overwrites all your files and then deletes them, thus making recovery impossible,” said Fin24 user Ashraf.

“Fortunately, I had most of my important documents saved in Dropbox. I was relieved to know that the company detects massive file changes and makes backup copies and lets you restore documents, so all was not lost.

“I would never advise anyone to pay for any ransomware as they do not have 100% proof that their files are going to be decrypted,” he added.

Payment demands

Ransomware programs typically encrypt user files on computers, including those with pdf, doc, docx, xls, xlsx, ppt, pptx, jpg, jpeg, bmp, tiff, png, mpg, mpeg, avi, 3gp, mp4, m3u, mp3, wav, zip and java extensions among others with a 128 bit key.

READ: 4 scams that cyber crooks use to steal your cash

Cyber crooks usually demand payment in bitcoins, and some people feel coerced to pay up.

“My father was held ransom and had to fork out thousands, this after losing his business and just having started a new one. Tragic. Fortunately they got all their systems running again after paying,” said a Fin24 user who wished to remain anonymous.

“I would pay if I had to, if there was a chance I could get my data back,” added Fin24 user Louis.

“Is there no workaround if something like this happens? Can't security companies unencrypt your files? How can you protect yourself against attacks like these? What options do you have if not to pay the criminals?”

Ransomware has emerged as the go-to vehicle for cyber crooks to exploit internet users.


“Ransomware is posing to be one of the fastest growing classes of malicious software. Our research shows that crypto-trojans carry out attacks in practically all regions of the world,” said Fedor Sinitsyn, senior malware analyst at Kaspersky Lab.

“Ransomware is not new. But its recent rise in sophistication and distribution is the latest in an escalating trend to find new and unexpected ways to exploit individuals and businesses that operate online,” added Paul Williams, major account manager for Fortinet.

Fin24 user Mary told of her experience recovering from a ransomware infection.

“Our pdf documents were left alone, thank goodness, so we were able to recover most of our documents as all quotes and invoices are converted to pdf before we send.

“And luckily our Microsoft Outlook was left alone as well so I was able to retrieve a substantial amount of information. But it took days to reload and set up Excel documents used for bookkeeping purposes and our biggest problem is that I have about five years of invoices, slips and banking details to recapture in order to get our business back up to date.”

WATCH: This online video shows how Locky ransomware works:

Read more about: kaspersky lab  |  cybercrime