Ransomware is on the rise in Kenya – and what to do about it
The first time I became aware that ransomware had become a major ‘thing’ in Kenya was last year, when a friend of mine who works in the IT department of a well-known business called me in a panic because their servers had been compromised and mission-critical files had been encrypted – thanks to a ransomware attack. Up until that point, I was under the impression that this sort of thing didn’t happen here. Guess what, it does!
My friend wanted to know if I could find an ethical hacker who could decrypt their files or else they would need to pay millions of shillings to have the ransomware disabled. As it turned out, they had no choice but to pay this hefty ransom using bitcoin to restore their business operations. Indeed, such cyberattacks are becoming increasingly common in Kenya and the rest of Africa as we become more digitally connected across the board.
To put things into context, ransomware installs covertly on a victim’s mobile device, computer or network and can then mount an extortion attack that holds data hostage, or an attack that threatens to publish sensitive data, until a ransom is paid. The malware encrypts files, making them inaccessible, and demands a ransom payment to decrypt them.
Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file. I saw a demonstration of exactly how this is done late last year in Nairobi during a presentation by a team from Mimecast, an email security company that is growing its presence in Kenya. It was truly scary stuff, and the sad part is that most of us are unaware that over 90% of cyberattacks originate from email, which is often the entry point for ransomware and other forms of cyberattacks.
To get a sense of how bad things have become, the 2016 edition of the Kenya cyber security report by Serianu estimates that US$175 million was lost through cybercrime. The same report also noted that the largest contributor to direct losses from cybercrime in Kenya is the insider threat.
Insider threats happen when employees, former employees, and other parties use their intimate knowledge of a business's technology systems to initiate malicious cyberattacks on it. Insider threats involve fraud, theft of confidential or commercially valuable information, theft of intellectual property, or the sabotage of technology systems. It is exactly in these scenarios that incidents of ransomware flourish.
For many businesses in Kenya, given the current state of cybercrime affairs, it is essential to seek solutions that will protect them from ransomware. Indeed, there are no protective barriers in an era of clouds, mobility, computing and apps which anyone can access easily. Thus, businesses must invest in building security frameworks that minimize the risks of social engineering attacks, including impersonation attacks like phishing, spear phishing and whaling.
One of the most important steps in protecting a business is to ensure that the workforce is adequately trained on the inherent risks from cyberattacks, how they happen, and how to stay safe from them. The human factor can be the weakest or the strongest link, and as such a well-trained workforce can be one of the major deterrents to cyberattacks on many levels – especially where social engineering is concerned.
The second key step would be to ensure that business processes factor in the ever-evolving methods that cyberattacks use to infiltrate the network. This means well-developed business processes can short-circuit the very loopholes that tend to allow socially engineered cyberattacks to take place. If something does not follow the process, it is then avoided by the intended victim(s).
The third step is to ensure that the technology systems in use in the business are up to date and consistent with current best practices where security is concerned. This means that the business must invest considerable resources – financial and otherwise – in solutions that can address the risks. Mimecast is one of the companies that offers an end-to-end cloud-based approach to email security and based on what I saw in their demonstration last year.
The last step in ensuring that a business is protected is for the senior leadership to be on board in understanding what is at stake and fully invested in protecting business assets from cyberattacks. This sort of commitment means staying up to date on the latest trends, as well as on the business processes and people-centered activities that can keep an organization secure from cyberattacks across the board. In taking this approach, businesses then have the peace of mind that leadership is in the driving seat in managing risks of any kind.