Read time: 3 minutes

South Africa, Ivory Coast top list of African WannaCry ransomware targets

South Africa, Ivory Coast top list of African WannaCry ransomware targets

WannaCry, the ransomware campaign that has wreaked havoc globally, has reached a total of 34,300 attack attempts in 97 countries according to research conducted by Check Point Software Technologies.

Data compiled by another security company Fortinet shows that South Africa leads the pack among the African countries affected followed by Ivory Coast and Nigeria.

Egypt, Algeria and Morocco complete the top six countries, while only a small number of attacks have been located in the rest of the continent.

Simon Bryden, a consulting systems engineer at Fortinet, compiled the data on how the attacks have progressed on the continent.

"Total hits on the Microsoft vulnerabilities (those patched by the Microsoft patch MS-17-010) over the last 7 days are around 1500 which is very low compared with the global number. Of course, there are potentially other attack vectors (for example email delivery) although no-one has been able to confirm this so far. There is also the entry via the DoublePulsar backdoor which is not counted here because this has also used for other attacks and would skew the numbers. In summary, South Africa and Cote D'Ivoire saw the brunt of the attacks. The most attacked vertical was healthcare, similar to what was seen in the UK, and large companies were also the most targeted."

A breakdown of WannaCry by vertical from the results of Fortinet's research shows transport & logistics is second to Healthcare followed by food & beverage with media/communications in fourth place.

Rick Rogers is the Area Manager for East and West Africa at Check Point Software Technologies. The company found that the top country from where attack attempts were registered is India, followed by the USA and Russia.

"Although we see it slightly slowing down, WannaCry is still spreading fast, targeting organisations across the world. WannaCry is a wake-up call, showcasing how damaging ransomware can be and how quickly it can cause disruption to vital services."

Check Point researchers found that those affected by WannaCry are unlikely to retrieve their files, even if they do pay the ransom. The researchers say a problematic payment and decryption system and false demo of the decryption operation puts into question the capability of WannaCry's developers to deliver on their promises to decrypt files.

The three bitcoin accounts associated with the WannaCry campaign have accumulated approximately US$77,000 according to the research, although unlike many other ransomware types, not a single case has been reported of anyone receiving their files back.

Daily newsletter