Sly cyber criminals take over computer systems and hold companies to ransom
In the wake of rapidly increasing global cyber attacks known as “ransomware”, at least four Nelson Mandela Bay business networks have been infiltrated by computer hackers who cause havoc by taking complete control of systems.
One of the targeted companies was this week held to a ransom of more than R67 000 in exchange for the encryption key.
“Ransomware” is an extortion technique used by cyber criminals where data on computers and other devices is encrypted and held for ransom.
Johnny Bags food manufacturers in Swartkops – the latest target – had its systems hacked last weekend, with hackers demanding a ransom of $5 000 (about R67 025).
The attack follows similar incidents at DSV Global Transport and Logistics in Sidwell two weeks ago, as well as at two other companies – one in North End last week and another in Central last year.
The companies were alerted to the hackers’ presence after computer files at the offices had been rendered unusable because they had been converted and encrypted, requiring passwords to unlock.
At least two of the four firms – Johnny Bags and DSV – have since been able to recover the encrypted information without paying a ransom due to both having backed up the affected data.
South African Cyber Security Academic Alliance co-founder Roussouw von Solms said access to company software through ransomware was as simple as a company employee clicking on a “phishing e-mail” which would subsequently download the hacker’s malware (malicious software), allowing the hacker to take control of the system.
Johnny Bags owner Dale Fletcher said that, according to her IT technician, a message had appeared on the monitors of the food manufacturer at about 7.30pm last Saturday, saying “the system will be shut down if you do not respond within 48 hours”.
When she arrived at work on Monday all the systems were offline after the company network containing all the food manufacturer’s deliveries and accounts was encrypted.
Later that day, another message popped up on the monitors stating: “Pay us 5 000 dollars or lose all your data.”
The hackers subsequently provided an encrypted link to remain in contact. The link required users to first enter their credit card details which would in turn unveil the encryption code.
“This is the first time this has happened in our 26 years of operating in PE,” Fletcher said.
“When I read the message demanding ransom we obviously didn’t pay it as I knew we had all the data backed up on hard-drives and we also keep track of everything manually.
“We haven’t taken the matter up with the police but I think I am going to because this is the same as an armed robbery – we just didn’t have guns pointed in our face.
“We are busy with discussions as to how to better safeguard our data, but I already had the best IT security in place and the hackers still found a way in.”
DSV’s chief commercial officer for the Africa region, Jenny Purchase, said: “Our systems were hacked on January 23. We had to operate manually until the 25th while we contained the virus and slowly began uploading the backed-up data.
“We operate on a global scale so we have some of the best anti-virus software available but this virus was unknown to both our experts and our software provider.
“None of our clients’ data has been lost as we were able to retrieve everything.”
Purchase added that a cyber forensic investigation was being conducted by DSV and she was unable to specify the monetary value demanded by the hackers.
While acknowledging that its system had been hacked last week, a North End firm declined to comment. The fourth affected company also had no comment.
Von Solms said any computer with internet access was vulnerable to hackers and anyone could become a hacker as a simple Google search would provide instructions.
“You get different types of hackers. For example, there are cowboys who simply hack systems to brag among friends, there is industrial espionage – selling info of big companies to competitors – and then there are ransomware hackers.
“In most cases ransomware is a result of in-users [employees] who are not trained to identify these types of hacks accidentally clicking on phishing e-mails which allows the hackers’ malware to be downloaded.
“Also these employees take their laptops home, where their kids might use them for internet and subsequently allow the malware to hide in the system until it logs onto the company server where it activates and encrypts company information,” Von Solms said.
Asked if hackers could be tracked, he said: “It is almost impossible to track these people because they move from site to site. SAPS do have cyber forensic experts who can do it but they don’t have the capacity as they are more focused on big cases like child pornography.
“Also, because these hackers are usually overseas – which I believe is the case here because of the hackers requesting dollars – forensic experts will spend days tracking which usually results in dead ends.”
Von Solms’s view was echoed by the NMMU Centre for Research in Information and Cyber Security’s Professor Johan van Niekerk, who said: “Worldwide this is very much the trend. And 2017 has been dubbed by international experts as the year of ransomware.”
There were two ransomware hacks overseas late last month in which an Austrian hotel, Romantik Seehotel Jägerwirt, lost control of its door locks, keeping new guests stranded in the lobby, and a police department in Texas had to abandon years of video evidence and digital documentation due to a ransomware attack.
A similar incident occurred in December 2014 when hackers held one of Port Elizabeth’s top paediatric practices, Gebers & Partners, to ransom. Hackers threatened to crash its IT system and encrypt thousands of medical records if a demand for R35 000 was not paid.
Fortunately all the encrypted files were backed up and within a week of the incident they were able to rectify the situation without patient information being compromised.
Police spokesman Warrant Officer Alwin Labans said no cases of cyber hacking had been filed with police yet.