LESEGO ROLLS INTO THE OFFICE, sits down at her desk and powers up her PC. She is dreading the dozens of new emails arriving in her inbox, but now her email program has crashed. She decides to work on her sales report instead, finds the folder and clicks the file. It’s demanding a password: a password she doesn’t have. Lesego can hear the astonished gasps of co-workers around the room. Nothing is working and dozens of her colleagues have been locked out of the system.
No one can get any work done. The entire company is at a standstill. The network has been hacked, all the company’s data is now being held to ransom, and someone is going to have a seriously bad day. Lesego’s boss will shortly receive a message informing him that all of the servers have been encrypted – locked with an uncrackable key – and he has two days to pay into an anonymous bank account.
It’s an increasingly common scene, even in SA. Welcome to the world of ransomware, a malicious new kind of software. Lesego and her company have just joined thousands of other organisations around the world as the latest victims.
Bandits no longer lurk on dark and deserted streets looking to ambush the unwary. That’s far too risky when they can use the information superhighway anonymously instead. The anonymous hackers generally prefer being paid in Bitcoin (BTC) – a digital currency that’s almost untraceable, but can be used to buy goods online.
While it’s just about impossible to trace ransomware back to the original sender, security agencies have named Eastern Europe and Russia as ransomware hotspots.
HACKER BUSINESS
In early 2017, The New York Times reported on an Austrian hotel that suddenly found its guests locked out of their rooms. The locks were controlled by an electronic key system, and the hotel could not access its own computer system.
Then management received an email, demanding a ransom of BTC 2, including details of how to deposit the money. The message ended with: ‘Have a nice day!’ It was peak season, with guests paying around R6 800 a day for their rooms. Unwilling to break down the door to every room, the hotel paid up.
In 2016, Hollywood Presbyterian Medical Center in Los Angeles had all its medical files and computer network frozen, and eventually paid BTC 40 to regain control of them. Companies, municipalities, schools and even police departments have all been ransomware victims.
Most ended up paying, because their choices were very limited. The pirates cleverly keep the ransom demands low enough that it’s relatively easy to just settle the bill. They also impose deadlines, threatening to double the ransom if these are missed. They’re rarely caught. The chain of forensic evidence is just too long and too tough to break. It is almost the perfect crime.
The US-based Institute for Critical Infrastructure Technology (ICIT) last year published a 40-page report detailing the scale of the problem. According to ICIT vice president and chief security strategist at cyber-security firm Securonix, more cybercriminals are getting into ransomware: ‘It is a volume business. It’s simple, relatively anonymous and fast. Some people will pay, some will not pay, so what. With a wide enough set of targets, there is enough upside for these types of attacks to generate a steady revenue stream.’
WORLD OF OPPORTUNITY
And there’s a wealth of targets. From phones to TVs and smart home devices, ransomware can be distributed to any digital device with a connection to the Net. It can be downloaded through apps, email links or, most commonly, through flash drives brought into the office.
Ransomware criminals have carved themselves a rather tidy niche. Unlike hackers, who look to manipulate or steal data, ransomware criminals focus on preventing access to data. Typically, if someone steals company data, the business finds a way to keep the doors open and continue operations as normal. Employees and customers will not like it one bit, but business will carry on.
In a ransomware attack, when you’re cut off from your systems, your business comes to a grinding halt.
A LOCAL STORY
In early 2017, an architecture firm in Cape Town fell victim to classic ransomware. It is believed that a staff member opened an email attachment, which released the ransomware on to their network. The firm received an email stating their servers had been encrypted