The rise of ransomware

In light of recent news of the first ransomware campaign targeting Mac users, Alto Africa CTO Oliver Potgieter shares his experience and tips on how best you can protect yourself from being a victim.

Johannesburg, 16 Mar 2016

I'd be surprised if you haven't heard of ransomware before. This is when hackers gain access to your computer through malicious or infected Web sites or pop-ups, and then encrypt a portion of your hard drive and all your important files, says Oliver Potgieter, CTO of Alto Africa.

The first sign of trouble is a notice on your screen demanding cash (usually in Bitcoin) to unlock your data. If you ever needed more convincing on the importance of having secure data backups, this is it.

The technology used in these attacks is so sophisticated even the FBI is now advising to "just pay the money". And, unlike the large corporate data breaches we tend to see happening in the US and the UK, ransomware is active right here in our little corner of Africa. I personally know of four people who have been subjected to ransomware attacks in the past three months (none were using Cloudbox, of course).

So, what can you do to protect yourself?

* Use reputable business-grade anti-virus and a firewall. I'm not going to mention any names, but the free stuff just doesn't cut it anymore, and it's simply not worth the risk for the minimal cost that gets you really good protection.
* Make sure data backups are done often, automatically, and securely.
* Make sure your IT is properly managed. There is nothing worse than expecting to have secure data backups and they're not there when you need them.
* Browse safe. The Internet is a little bit like a big city: You know when you're in the wrong part of town. Be careful and stay safe. Don't click on that alleyway when you don't know what's down it.

Just this past month, I came across my fourth case of ransomware. Someone I know (Chatham House Rules apply) got hit the hardest I've seen yet. We think the malware got into the environment via a USB stick on an unprotected laptop, walked into the network and then onto an aging and badly maintained onsite server. All in all, nearly 9TB of critical business data was encrypted, with a lovely little calling card with instructions on how to use a TOR browser and head off to the dark Web to pay around $700 in Bitcoin to unlock the data.

Things got worse from there, and I found myself in search of 1.87 BTC to do a deal with the criminal underworld. The next hurdle: to legitimately purchase Bitcoin in South Africa through an exchange like BitX, you need to FICA yourself, and jumping through that hoop as a company can take up to five days (which was obviously too long). Luckily, I know a guy who knew a guy, and once you're in the game, you can transfer Bitcoin easier and faster than finding an Uber driver at OR Tambo.

There are only really two ways out of a situation like this: Have recent and reliable data backups to restore from, or pay the money. So, we did the deal, spent a couple of nerve-wracking hours working through the ominous warning of "you have to disable your anti-virus to run this decryption software", and got the 9TB of data back. Several people have expressed amazement that the $700 actually got the right stuff to unlock the files, but you need to remember this is not some pimply teenager having fun - this is serious organised crime and big business.

And even though this was not a Cloudbox client, they are starting to see the value in properly managed IT and industry-leading security.

Security and compliance have been key parts of Cloudbox from the start, so if you're with us, do not worry, we've got your back. And if you're not, maybe it's time you gave us a call? Get in touch on 021 201 1351.

Editorial contacts
Alto Africa Technologies Thando Kumalo (+27) 21 201 1350