By Sue Maclennan
As South Africa, along with the rest of the world, braces for the next big cyberattack, local IT experts say Grahamstown users have not reported being affected by the ransomware attacks that hit computers worldwide on 12 May. The malicious software, called WannaCry, shut down systems at public health and transport services and factories in countries including Britain, the US, Japan, China, Spain, Russia and Germany, as well as at smaller businesses and individuals.
Just three days after the attacks struck, CNN Tech said the world’s biggest cyberattack had hit at least 150 countries and infected 300 000 machines.
The malware downloads when a user opens a phishing email or corrupted web page, encrypts files and demands a ransom, usually in Bitcoin, for the code to unlock them again.
Vijay Sonne, owner of Albany Computers in Grahamstown, said he’d first had contact with the ransomware malware 18 months ago.
“It infected the computers at an advocate’s offices. Fortunately, though, that version only attacked the ‘My Documents’ folder and I had set up their systems to save elsewhere, and their data was safe.”
The malware had since evolved. “Now it locks up everything.”
Sonne hadn’t heard of anyone in Grahamstown affected by this month’s attack, however, nor had he heard of anyone who had paid up.
“It’s not a given that you will be given the code and get your documents back,” Sonne said. “Your only hope is regular backups kept off-site. Without backups, you’re dead.”
He did have a customer in Grahamstown who had fallen for the Microsoft Helpdesk scam, however.
“They phone, saying they’re from the Microsoft Call Centre. They’ll say they’ve picked up that you have a virus, get you to sit in front of the computer and get you to put in a set of numbers.”
The numbers open a back door for the scammers to take control of your terminal.
“They’ve got the DNS, they’ve got everything,” Sonne said.
To add insult to injury, the scammers then tell the victim they owe money for the “service” just rendered and talk them through the steps to pay for it electronically.
“Once a week, someone in Grahamstown will get a call, and if they catch the right person they’ll fall for it.”
Across the road at Geenet, owner Mike Wish said they’d seen nothing recently of ransomware – “Maybe four cases in the past year and a half”; however, he was aware of businesses in Grahamstown that had been affected.
Like Sonne, he said the Microsoft Helpdesk scam was a weekly occurrence. “Most of our clients have the wherewithal to see them off though,” Wish said.
“Microsoft will never phone you,” Wish said. “We tell our clients that if they think Microsoft has just called them, they should call us first.”
Technician at Insight Technologies in Pepper Grove Mall, Cuan Wessels, said they too hadn’t encountered much malware.
“Most of our clients have paid-up antivirus systems and we make sure we update the definitions,” he said.
A number of farmers had been hit by the Microsoft scam three or four years ago, Wessels said.
Head of IT Support at Rhodes University Tracey Chambers said the university deploys virus protection software that updates regularly from local servers.
“We are therefore confident that the majority of our computers are secure,” Chambers said.
However, she advised staff and students that if they had configured their computers themselves, they might be at risk.
Windows updates should be set to download and install on a regular basis and the latest version of the antivirus software should also be installed.
“We would like to emphasize that the bulk of infections come from phishing emails, either in the form of a link to a website or to download an infected attachment (eg Word, Excel and PDF document),” Chambers wrote in an email circulated to the university community. “Please be extremely cautious when opening any emails, particularly from people or organisations that you do not know. We would also like to advise that if you are working on any critical or sensitive information, that you save your work off-site and off-line (ie. save to) and unplug external hard drives or flash drives.”
Introducing the State Security Agency Budget Vote 2017/18, last week, State Security Minister David Mahlobo said South Africa is one of the targets for cybercrime.
“Research shows that small companies and ordinary citizens, especially unsuspecting children, are being targeted more and more by cyber criminals, state actors and hacktivists,” Mahlobo said in his opening address. “Ransomware, identity theft, cyber bullying, internet banking fraud, misuse of social networks and many other types of attacks are prevalent.”
Mahlobo said in partnership with institutions of higher learning, the Agency had launched programmes that would bolster the country’s defences against cyber attacks.
“These initiatives will not only bolster the capacity of government to respond to cyber insecurity, but it will create a skills base that will improve cyber security for the public and private sectors,” Mahlobo said.
The Cybercrime and Cybersecurity Bill is currently before Parliament. The Bill seeks to ensure that the country has the relevant legislative framework in place to prosecute cyber criminals.
According to IBM’s Cyber Security Index, 95% of all cyber-crime involves human error.
According to experts, the next wave of attacks, Adylkuzz, could be far more damaging than WannaCry, using bots to control individual machines and link them through command servers.
RANSOMWARE FACTS
How does ransomware work?
* Malware downloads when a user opens a phishing email or corrupted web page
* It encrypts files
* It spreads to other computers or devices on a network
* The hacker places a message on your screen explaining your files have been encrypted and you have to pay an amount to retrieve them – more recently in Bitcoin.
* According to howstuffworks, by June 2016, 47%, nearly half, of US enterprises had experienced ransomware attacks in the preceding year. Last year, in the US, there were 4 000 attacks a day, most unreported.
What can you do if you have it?
* Encryption is almost impossible to break and reverse
* Prevention is the cure: to avoid data loss, watch what you click, back up regularly and, if you’re on Windows, make sure you have Security Update for Microsoft Windows SMB Server 4013389. This, according to Microsoft, resolves vulnerabilities in Microsoft Windows.
* For a full list of malicious software countermeasures, go to the CSIRT-hosted Cyber Security Hub
Did you know…
* A 2016 study found 30% of people open phishing emails. Of those, 13% click on the attachment or link
* Hackers don’t need to know anything about the malware they send out: most attackers buy the software on the internet, where it comes as an all-in-one app with service and technical support. Some even provide call-centre or email support for victims, talking them through how to pay and how to recover their data.
* There is such a big market for ransomware that developers employ distributors
* The ratio of profit to effort has been estimated by one expert at 20:1