
The brazen attack on City Power is a sign of cybercriminals' growing confidence in exploiting software weaknesses for financial gain

If you thought last week’s ransomware attack on City Power sounded like a movie script, it’s because that kind of scary possibility has been fictional fodder for years. Films have long proposed the idea of hackers taking over a computer network for their own nefarious ends.

Sadly, ransomware attacks have moved beyond movies into everyday realities.

Johannesburg’s power company has joined a long list of targets, including some recent high-profile attacks on the United States cities of Maryland in May and Atlanta last year.

A digital ransom note to the Maryland authorities demanded about $75,000 in Bitcoin to unlock all of them. “We won’t talk more, all we know is MONEY!” the note read.

But they are not alone. Security firm Kaspersky monitored 194,803 ransomware attacks in South Africa alone in 2018. That was a 64% increase over 2017, the Russian firm told the Financial Mail.

“The reason for the modern rise in ransomware, and frankly the wild success, is directly attributable to Bitcoin and other cryptocurrencies,” Allan Liska, an analyst at cybersecurity firm Recorded Future, told the New York Times about the Maryland ransom.

Until now, extortionists had to use the formal banking system, which still allowed for transactions to be tracked, despite the number of tax havens the money is washed through.

Cybercriminals got smart when cryptocurrencies allowed for a decentralised payment system that has proved popular in the underground medical – and recreational – drugs market conducted on the Dark Web and paid for with such coins.

Liska estimates that there have been 169 cases of US state and local governments being hit by ransomware since 2013, when malware called CryptoLocker was used to infect a Massachusetts police department, the event he identifies as the start of this wave of cybercrime.

“That’s really only the tip of the iceberg. There’s really probably a lot more that are never reported on,” he told the paper. CNN reports there have been 22 known public-sector ransomware attacks so far this year.

Ransomware can be snuck into computer systems by utilising known flaws, which are also known as exploits, in the operating systems. Software makers like Microsoft regularly issue updates, known as patches, to address these security issues, as well as general updates. Very often, ransomware and other malware are sneaked onto computers using these exploits because the computer administrator hasn’t installed the update patch. If they had, the ransomware wouldn’t be able to target the known exploits. Own emphasis on “known exploits”. That simple. If system administrators update their software, at the very least, they vastly diminish their chances of being compromised.

Even more bizarre is that the Maryland hack was reportedly done using malware called EternalBlue, created by the US’s National Security Agency (NSA), the New York Times reported in May.

This malware exploited a flaw in Microsoft software and was used in North Korea’s 2017 WannaCry attack that wreaked havoc with the UK health care service and other major businesses. It was used again by Russia against Ukraine in an attack called NotPetya, which expanded globally and which the New York Times reports cost FedEx over $400m and pharmaceutical giant Merck $670m.

City Power hasn’t been very forthcoming with details, but it tweeted that the attacks “encrypted all our databases, applications and network”. Own emphasis on “all”.

Welcome to the new reality of computer warfare.

This column first appeared in Financial Mail
