Ransomware rears its head in SA

With ransomware, cyber criminals hold a company's data hostage, says Richard Broeke, national sales manager at Securicom.

Ransomware – a type of malware that stops people from using their computers and accessing their data until a ransom is paid to the creator – is rearing its head in South Africa. Specialist IT security vendor Securicom was commissioned by three local businesses in late 2014 to assist with removing ransomware from systems and recovering data.

The company's Richard Broeke, national sales manager, says ransomware infections are going to become more common.

"Ransomware is a very real problem that is rearing its head in South Africa. Cyber criminals literally hold a company's data hostage. Globally, millions have been hit with ransomware, and experts are predicting that the next targets will be smaller businesses. South African companies aren't immune," he warns.

Ransomware effectively encrypts data and either prevents or limits users from accessing their systems. Victims are forced to either lose their data or pay a ransom through online payment methods to get it back.

Computers can be infected with ransomware in a variety of ways. The malware can be downloaded unwittingly by users when they visit malicious or compromised Web sites. It can also arrive as a payload, either dropped or downloaded by other malware. Some ransomware is delivered as attachments in spam e-mails.

Once it is in, ransomware either locks the computer screen, encrypts certain files with a password, or locks files like spreadsheets and documents. Ransomware isn't new. It first emerged in Russia around 2006. Evolving over the years, newer ransomware variants really began to spread in 2012 to Europe, Canada and the United States.

In January this year, the Federal Bureau of Investigation in the United States issued an alert urging computer users to stay vigilant against ransomware scams, as they are on the rise, naming CryptoWall as one of the latest threats.

According to Broeke, of the three companies that Securicom assisted with ransomware infections in 2014, only one was able to recover its data. Another company, where the CFO's laptop had been infected, actually went as far as to pay the ransom in order to recover critical data – which hadn't been backed up. Fortunately, in this instance, the data was returned.

"Paying the ransom is never a guarantee that the data will be returned, and experts agree that this isn't the ideal remedy anyway. The more companies continue paying ransoms to have their data released, the more viable and profitable it is for hackers to continue.

"Sure, some of the less sinister ransomware variants can be removed with a few specific tricks, and without losing files. But, with some variants that isn't the case. The best way to deal with ransomware is to prevent it from happening in the first place. Prevention is far better than cure."

When it comes to prevention, Broeke says companies need to refocus on IT security.

"This is where South African companies, smaller ones in particular, tend to fall short. The slowing of the economy has meant budget cuts, resulting in less spend, fewer resources, and less focus on security.

"The benefits and importance of investing in premium security solutions cannot be underestimated. If the three companies we worked with last year had an up-to-date and effective IT security solution in place, those infections would have been prevented.

"Security software is only as good as the last update. With threats always evolving, security software needs to be updated, and the security status of the network, and endpoint ecosystem, needs to be monitored constantly.

"Backing up data is also an important defence against ransomware. Users can use a dedicated external hard drive for backups, plug it in, complete the data backup and then make sure to unplug the drive. A better strategy is using a cloud-based backup system. Backups can be scheduled, providing isolated copies of data in case a computer gets infected.

"Companies should look at a managed service if they don't have the necessary resources in-house. Outsourcing IT security means companies can access best-of-breed security technologies and expert advice," concludes Broeke.
