
Ransomware gets more targeted

Virgin Active

It will be cold comfort to Virgin Active – and all its customers – that last week’s ransomware attack is part of a global phenomenon that is scarily gaining momentum.

City Power in Joburg was locked out in 2019 while cities all over the world have experienced this form of malicious software (malware) attack.

Security firm Kaspersky found that nearly half of the South African ransomware victims (42%) paid the fee hoping to get their data back. Whether they paid or not, only 24% of victims were able to restore all their files. Of all the attacks, 11% lost almost all their data.

South Africa now ranks third in the world for the highest number of users experiencing targeted ransomware attacks, Kaspersky also found. There was a monstrous 767% increase from 2019 to 2020 in targeted ransomware, while general ransomware attacks decreased by 29% – which demonstrates that cybercriminals are being more precise in their attacks.

“This data shows we have seen a significant proportion of consumers paying a ransom for their data over the past 12 months,” says Kaspersky’s Marina Titova. “But handing over money doesn’t guarantee the return of data, and only encourages cybercriminals to continue the practice. Therefore, we always recommend that those affected by ransomware do not pay as that money supports this scheme to thrive.”

Sophos, another security firm, found that only 8% of organizations got their data back after paying a ransom. In South Africa, the average cost of fixing a ransomware attack was a whopping $447,097, over double the global average of $170,404 paid for ransoms. It also found the average total cost of recovery from a ransomware attack doubled from $761,106 in 2020 to $1.85m this year.

Even though ransomware is on the rise globally, there’s a lot businesses can do to protect themselves. Hackers can infiltrate systems and lock the users out because they use known vulnerabilities in software packages to sneak in and take control. The first thing any company should do is patch its software frequently, and especially when important patches come out. It’s not always possible to update software, especially highly specialised apps, or those dependent on other services, because updates sometimes introduce other bugs. Many companies only have one firewall, or form of intrusion detection, when the best practice is to have multiple levels of detection.

Think of your average house in South Africa. Depending on your security consciousness (and/or paranoia), most people have a high wall, perhaps an electric fence, dogs, security beams, more dogs, and maybe a machine gun emplacement or two. It’s hard to take Minerals and Energy Minister Gwede Mantashe seriously because there is no way any South African would not know everything about their home’s security.

Protecting your data requires the same kind of multiple levels of protection and detection. The SolarWinds hack last year of multiple US government agencies wasn’t picked up because once the intruders were in their systems, there was no additional security.

A simple security check on how much data was moving internally might have revealed strange activities – which is how the African Union discovered gigabytes of data being moved out of its parliament building by the helpful company that installed the system – and was siphoning off a copy of whatever was on it.

The other crucial thing – not just for businesses but everyone – is backing up your data. For a big firm with lots of customer information, that data should be encrypted, and the backups must also be encrypted. Last year Liberty reported that hackers got into an email repository, but an email of a bank or investment statement contains your name, contact details, date of birth, ID number and all the other information a cybercriminal could use for identity theft. Email, if you aren’t already aware, is the least secure way to send information – and can be easily intercepted. I will be very happy when banks stop emailing statements to their clients – and whoever is intercepting our email.

It’s not great for Virgin Active, nor its clients, but it should be the kind of wakeup call that everyone needs to up their security game.

This article first appeared in the Daily Maverick. 
