Kenya’s Naivas hit by ransomware attack
Kenya’s largest e-commerce platform Naivas has been impacted by a ransomware attack.
Naivas announced the attack over the weekend, in a company statement, which reads: “This unlawful intrusion may have compromised some of our data.”
Nonetheless, the Nairobi-headquartered retail giant said it contained this attack, and its systems are secure and operations are normal.
In a statement, Willy Kimani, Naivas’ chief commercial officer, said: “On becoming aware of the attack, Naivas took immediate steps to prevent external access and engaged leading cybersecurity experts CrowdStrike to ensure system integrity.
“This process is complete and our systems are secure. We are cooperating with the relevant law enforcement agencies, as they investigate this, and the many current ransomware attacks in Kenya.”
According to Kimani, Naivas was made aware that the threat actor claimed to have stolen some of its data and is alleging that this may be published in due course.
He said: “We, and the law enforcement agencies, are monitoring this closely. Naivas has also informed the Office of the Data Protection Commissioner Kenya of the incident.
“Naivas would like to confirm that we don’t hold any credit/debit card information on our systems, and that such payment information is handled securely and protected through Secure Sockets Layer encryption.
“At the moment, we’re not aware of any malicious use of stolen data. However, it is recommended in the face of this type of situation to pay particular attention to any phishing attempts (by phone, SMS or email) as well as to the ensure sufficient security of passwords.”