Ransomware: The new threat to Kenyan businesses

Have you ever received a link in your e-mail claiming you have won a free iPhone or a cheap airline ticket? Chances are you were about to be a victim of ransomware. Hopefully, you did not click on the link, regardless of how curious you were to claim your prize.

Ransomware is a type of malware designed to encrypt users’ files or lock their operating systems so attackers can demand a ransom payment. Ransomware is a hijacker. Using encryption, it holds files and systems hostage. The victim then pays the ransom amount and receives the decryption key, releasing the blocked files or systems. Sometimes, though, you may pay and not receive the key. Usually, the ransom is paid in a cryptocurrency like bitcoin, because that makes the cybercriminal difficult to track.

Why would a small business person in Kenya care about this? Well, ransomware is actually one of the main threats in the digital world. In the three months to December 2020, 56.2 million threats were detected by the Communications Authority of Kenya (CA). That was a 59.8 per cent increase in cyber threats compared to the previous quarter.

What ransomware looks like

In 2017, Kenya, and the world, experienced one of the most devastating ransomware attacks in history, called WannaCry. The global hacking attack, which led to a total of USD 4 billion in losses, affected at least 19 organisations in Kenya.

The ICT Cabinet Secretary Joe Mucheru named Kenyan banks as among the institutions targeted in the large-scale attack against computers worldwide. Almost 80 per cent of Kenya’s servers are based on Windows, and another 16 per cent on Unix or the Linux variant, which makes the country vulnerable.

Ransomware executes in a variety of ways. For instance, an embedded malicious link in an e-mail offers a cheap prize, or an e-mail that a user thinks is from Google Chrome or Facebook invites recipients to click on an image to update their web browser. It could also be a well-crafted website that mimics a legitimate website and prompts users to download a file or install an update that locks their PC or laptop.

What makes ransomware so effective is the fear and panic it instils in victims, causing them to click on a link or pay a ransom; users’ systems can also become infected with additional malware. Messages like “Your computer has been infected with a virus. Click here to resolve the issue” or “All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data” can cause panic, leading to hackers getting their way.

The impact of ransomware

In the digital age we live in, storing data in the cloud, accepting online payments, and doing most business online isn’t about to slow down. Which is why cybercrime like ransomware is also on the rise.

“Some of the targeted platforms include banking, government services and working from home platforms,” reads the CA report in part.

Small and medium enterprises (SMEs) are increasingly becoming a target for cybercriminals. The hackers think that SMEs will be more likely to pay the smaller amount demanded of them to get the decryption key and free their files than to pay to fix the system themselves. So they target many small businesses for lower ransoms rather than a large corporation for a hefty pay-out.

A 2017 Ponemon survey revealed that SMEs are more valuable targets for cybercriminals than consumers, and more vulnerable than large enterprises. Small and medium businesses normally lack the financial and information security resources to prevent, identify, respond to, and recover from threats. 

The same report also notes that desktops were the most targeted devices (78%), followed by mobile phones and tablets (37%) and company servers (34%). If the ransomware attack was successful, most (60%) of the victims paid the demanded ransom.

What can you do?

Overconfidence is one of the reasons ransomware is so effective. Most people believe the scheme is being run by a Yahoo boy in Nigeria, but the criminals behind these schemes are actually more sophisticated than a one-man operation.

An antivirus will probably not work either. Previously, you could install antivirus software on your computer that would run, checking for threats or any new signatures every half an hour or so. If a new signature is found, the software takes the signature and distributes it to workstations or downloads it to a workstation.

You can even increase this to check every minute, though it puts a significant load on the antivirus vendor. Now, 99 per cent of all ransomware on the internet changes its signature before one minute is up. Assuming your antivirus software could check every minute, you would still be two seconds too late. If you get infected, which you most likely will, it would take 33 employee hours to recover from a ransomware attack. This is why ransomware is working.

As a business, this is not a question of whether your organisation will be attacked, but rather what happens when an attack occurs. A defensive strategy is the only way to be covered. The Communications Authority advises:

i. Ensure that you keep an up-to-date backup of your important computer files offline. This will ensure that in the event your computer is attacked, you can restore your files from the backup.

ii. Ensure that your computer’s Operating System (OS) is updated, especially for users of the Windows operating system, which is the main target of the WannaCry cyber attack.

iii. Confirm that your anti-virus is up-to-date.

iv. Avoid clicking on links or opening attachments or emails from people or sources you don’t know or companies you don’t do business with.