Here's how to foil ransomware hackers: SA cyber expert
In the wake of stolen vehicle recovery company Tracker announcing it had become the latest victim of cybercrime, cyber security expert Professor Basie von Solms on Sunday said the growing number of ransomware demands showed a lack of good governance in corporate companies.
Von Solms said a well-run company with proper backup systems would not easily fall victim to this type of cyber attack as it would, in accordance with international standards, have a proper backup system of all its data in place.
Von Solms said a proper backup system would render would-be hackers powerless.
“If you are ransomed and have proper backup systems, you should be able to flush out your data and install your backup to restore your systems. How it works with a ransomware demand is that the hackers encrypt your data so you cannot use it. By simply reinstalling your backup you would ensure you are up and running again without any problems at all,” he said.
Von Solms said there was no excuse for companies not having proper backup systems in place, saying this was one of the aspects that companies could not compromise on.
He said ransomware demands were on the rise.
He referred TimesLIVE to a recent incident where the City of Johannesburg was hit by hackers in October. The city had reported a breach of its network, forcing it to shut down its website and all e-services, hours after receiving a bitcoin ransom note from a group called the Shadow Kill Hackers.
“These sort of things happen frequently,” he said, adding that a lot of companies usually did not admit to paying the ransom.
“International advice is that one does not pay,” said Von Solms, adding that there was no guarantee of a reaction from the hackers, meaning paying the ransom did not necessarily mean the affected companies would be given the key to restore their systems to normal.
Tracker said at the weekend that on detecting the malware, it immediately took its systems offline as a temporary precautionary measure, stopping the spread to other areas of its system.
CEO Wayne de Nobrega said it had deployed its IT and cyber security teams. In addition, he said the company was “working closely with global and local third party experts to resolve the matter”.
Good progress had already been made to recover and restore some of the affected systems.
“At this time, there is no indication that any customer data has been compromised or accessed.”