Defend Truth

Opinionista

Cybersecurity: Ransomware attack on Virgin Active is a wake-up call we all need

mm

Toby Shapshak is publisher of Stuff (Stuff.co.za) and Scrolla.Africa.

It will be cold comfort to Virgin Active – and all its customers – that last week’s ransomware attack was part of a global phenomenon that is gaining momentum.

First published in the Daily Maverick 168 weekly newspaper.

City Power in Joburg was locked out in 2019, and cities all over the world have experienced this form of malicious software (malware) attack.

In ransomware attacks, malware encrypts files on a device or network, making the system inoperable. The people behind these types of cyberattacks typically demand a ransom in exchange for the release of data.

Security firm Kaspersky found that 42% – nearly half – of the South African ransomware victims paid the fee, hoping to get their data back. Whether they paid or not, only 24% of victims were able to restore all their files. Of all the attacks, 11% lost almost all their data.

South Africa ranks third in the world for the highest number of users experiencing targeted ransomware attacks, Kaspersky found. There was a monstrous 767% increase from 2019 to 2020 in targeted ransomware, whereas general ransomware attacks decreased by 29%. Cybercriminals are now being more precise in their attacks.

“This data shows we have seen a significant proportion of consumers paying a ransom for their data over the past 12 months,” says Kaspersky’s Marina Titova.

“But handing over money doesn’t guarantee the return of data, and only encourages cybercriminals to continue the practice. We always recommend that those affected by ransomware do not pay, as that money supports this scheme to thrive.”

Sophos, another security firm, found that only 8% of organisations got their data back after paying a ransom.

In South Africa, the average cost of fixing a ransomware attack is a whopping $447,097, more than double the global average of $170,404 paid for ransoms. It also found the average total cost of recovery from a ransomware attack doubled from $761,106 in 2020 to $1.85-million this year.

Even though ransomware is on the rise globally, there is a lot that businesses can do to protect themselves. Hackers can infiltrate systems and lock users out because they use known vulnerabilities in software packages to sneak in and take control.

The first thing any company should do is patch their software frequently, especially when important patches come out.

It’s not always possible to update software, especially highly specialised apps or those dependent on other services, because they sometimes introduce other bugs.

Many companies only have one firewall, or a single form of intrusion detection, when the best practice is to have multiple levels of detection.

Think of your average suburban house in South Africa. Depending on your security consciousness (and/or paranoia), most have a high wall, perhaps an electric fence, dogs, security beams, more dogs, and maybe a machine gun or two.

Protecting your data requires the same kind of multiple levels of protection and detection. The SolarWinds hack of multiple US government agencies last year wasn’t picked up because once the intruders were in their systems, there was no additional security.

A simple security check on how much data was moving internally may have revealed strange activities. This is how the African Union discovered gigabytes of data being moved out of its parliament building by the company that installed it – and was siphoning off a copy of whatever was on the system.

The other crucial thing – not just for businesses but everyone – is backing up your data. For a big firm with lots of customer information, that data should be encrypted, and the backups should also be encrypted.

Liberty reported last year that hackers got into an email repository. An email of a bank of investment statement contains your name, contact details, date of birth, ID number and all the other information a cybercriminal could use for identity theft.

Email, if you aren’t already aware, is the least secure way to send information – and can be easily intercepted.

I will be very happy when banks stop emailing statements to clients – and whomever is intercepting our email.

It’s not great for Virgin Active, nor its clients, but it should be the kind of wake-up call that everyone needs to up their security game. DM168

This story first appeared in our weekly Daily Maverick 168 newspaper which is available for free to Pick n Pay Smart Shoppers at these Pick n Pay stores.

Gallery

Comments - share your knowledge and experience

Please note you must be a Maverick Insider to comment. Sign up here or sign in if you are already an Insider.

Everybody has an opinion but not everyone has the knowledge and the experience to contribute meaningfully to a discussion. That’s what we want from our members. Help us learn with your expertise and insights on articles that we publish. We encourage different, respectful viewpoints to further our understanding of the world. View our comments policy here.

All Comments 1

  • Re Toby Shapshak’s article on cyber security, how does he suggest that banks should send bank statements to their customers, if not by email?