Tracker hack hints at more ransomware attacks in SA
South African organisations are likely to continue falling prey to ransomware attacks this year.
So says Heino Gevers, cyber security expert at Mimecast, after stolen vehicle recovery company Tracker revealed it was hacked on Sunday.
Founded in 1996, Tracker claims it now has over a million active subscribers.
In a statement, the company said: “Tracker has been targeted by a cyber crime attack in the form of ransomware that encrypted information on some systems, disrupting customer access to its services.”
While customers may not be able to access the Tracker system, it said it is continuing to successfully recover vehicles.
The firm said on detecting the malware, it immediately took its systems offline as a temporary precautionary measure, stopping the spread to other areas of its system.
Tracker also deployed its IT and cyber security teams and is working closely with global and local third-party experts to resolve the matter.
By Sunday morning, it said, good progress had already been made to recover and restore some of the affected systems.
“At this time, there is no indication that any customer data has been compromised or accessed,” said the company.
“South African organisations are likely to continue being targeted by cyber criminals until they enhance their security efforts with a comprehensive cyber resilience plan that provides multi-layered security cover and effective business continuity and data recovery capabilities,” Gevers says.
He explains that a ransomware attack involves a breach of a company’s IT systems, usually by compromising security systems through an e-mail-distributed threat, with the attackers encrypting and “holding hostage” critical business data until a ransom is paid.
Last year, City Power, the City of Johannesburg’s electricity utility, was hit by a ransomware attack that encrypted databases, applications and network.
Later on, the City of Johannesburg also suffered a cyber security breach. The hackers then demanded payment of 4.0 Bitcoins by 5pm on 28 October, failing which they would upload all the data onto the Internet.
According to Mimecast’s most recent global research, more than 15% of South African organisations reported significant business impact from a successful ransomware attack in the past 12 months, with a further 27% reporting some impact.
Alarmingly, 76% of South African organisations experienced downtime of two to five days following a successful ransomware attack. And for more than 10%, a whole week went by before they returned to a recovered state following a successful e-mail-based attack.
Gevers says from information available in the public domain, the attack disrupted customer access to certain Tracker services.
“Although the extent of the breach still needs to be determined, it is vital that companies that fall victim to cyber attacks disclose this to customers. While there is likely to be some reputational damage – which is usually the case with successful data breaches – customers need to be able to take steps to prevent their personal information from being used for further targeted cyber attacks.”
He adds that ransomware is becoming increasingly sophisticated and cyber criminals are concentrating their efforts on developing this attack method.
“In previous years, South African ransomware statistics were lower than global statistics, but it appears cyber criminals are turning their attention to what they perceive to be soft targets in South Africa. The indications suggest we can expect an increase in these kinds of attacks in 2020.”
Eran Brown, EMEA chief technology officer at Infinidat, says: “It is clear that ransomware attacks have become a significant concern and that attackers do not distinguish between government entities and commercial ones.
“Make no mistake – any business is susceptible, as so many critical functions today depend on IT infrastructure. A multi-layered approach to security is critical to securing an organisation and can provide that elusive ‘peace of mind’ in the event of an attack.”