It all started with a seemingly harmless email asking him to click a link to get free information on how to keep his computer secure against hackers and cybercriminals, but what happened next baffled early-stage Nigerian entrepreneur Okoye John.
“All I saw were popups and redirections. Then a notice came up asking me whether I would like to restart my computer in order to complete the installation process. I wanted to say no but it restarted anyway.
“When it finally came up, everything appeared normal and I thought I’d dodged a bullet. But when I decided to take a look at the spreadsheet file containing our inventory, a message came up informing me that I couldn’t access my files until I paid the equivalent of $450 in bitcoin.”
He asked tech experts for help but no one was able to resolve the crisis. “I was told what happened was as a result of a ransomware and I had just two options – pay the ransom or lose the files on my machine,” he said.
Ransomware is a type of computer virus that establishes itself in a user’s device and holds their data hostage or threatens to leak it. Many enterprises across the continent are quietly struggling with how to protect themselves against this threat but are afraid to report it for fear of incurring reputational damage.
In Nigeria, the Central Bank of Nigeria (CBN) and other stakeholders came together in 2016 to form the Nigeria Electronic Fraud Forum (NeFF) to combat ransomware in the country. “Ransomware is not a threat in Nigeria for now, but it is just by our border post,” claimed chairman Dipo Fatokun on the sidelines of a NeFF meeting in Lagos last year.
“It is something that has been reported in Ghana and if it has been reported in Ghana, it means it can happen here. If this happens to any bank in Nigeria, you know the effect it will have on the customers and even the financial system. So, because we don’t want it to happen, we are meeting to put in preventive measures that will ensure we do not experience that in the Nigerian banking space.”
A growing challenge
Many security reports have described ransomware as an imminent challenge for African businesses. In Check Point Software Technologies’ monthly list of countries under threat for November 2016, five African countries were among the global top 10. Botswana was in first place, followed by Malawi (2nd), Namibia (4th), Uganda (9th) and Democratic Republic of Congo (10th).
The report described attacks targeted at businesses as “relentless” and said that spam emails remain the major medium through which they spread – which is the main reason why enterprises are the worst hit.
“An individual may be reluctant to open emails from unfamiliar senders but an enterprise would like to reach out to as many potential clients as possible, which is why they are more likely to open such emails containing ransomware files,” says tech security analyst Peter Oluka. “Furthermore, company emails in African establishments are rarely managed by individuals with security expertise – it’s more of a job for secretarial members of staff who may not be able to understand how the whole process works. Tech experts are only called upon when there is a problem so I believe this will continue to ravage African businesses in 2017.”
The increasing threat of ransomware is also evident in the rapid growth of the different types of malicious software, or malware, responsible for the attacks. Locky, which leads the pack in 34 countries across the world, was only rolled out in February 2016.
Others, including Conficker, which is the top malware in 28 countries and accounts for 15% of reported attacks, are also rapidly growing. Security experts believe that more will join the race since the space has become lucrative for malware developers.
“Among other Trojans, Locky caught our attention because it was so active and spread so quickly,” Fedor Sinitsyn, senior malware analyst at Kaspersky Lab South Africa, told tech news website Fin24. “We also noticed that the attacks weren’t partial to any particular region – we have received notifications about attacks in over 114 countries across all continents. No other ransomware Trojan to date has targeted so many countries at once.”
Coping with imminent threat
Security experts are unequivocal in discouraging the payment of ransoms. “Paying for ransom is a dangerous option,” warns IT security company ESET. “For starters, there is no guarantee your files will be returned or that the malware will be removed. Will the hacker exploit you again in six months’ time?” But in spite of this warning, enterprises often base their decision on how vital the dataset involved is to the company’s operations.
“American companies have publicly admitted to paying tens of thousands of dollars to have their files back and with bitcoins increasingly popular in Africa, it is not going to be surprising if banks and other corporate entities that are successfully targeted go all the way to making the payment because of what could happen if they don’t get access to the files,” says Oluka.
“Symantec said the act plays right into the psychology of the target and I couldn’t agree more when you review the irrational behaviours of African victims,” he continues. “It is good that conversations about ransomware are underway in Africa but what is most important is file backup. This is the main way to protect files against ransomware. The other is being cautious about opening suspicious files.”