Ransomware and the Zimbabwean Business Environment: The advent of WannaCry!

Cybersecurity has become one of the most essential board room topics the world over as directors’ grapple with the ever growing threat of cyber thugs. Having been overwhelmed by the competitive edge offered by automation, Large corporates and even MSMEs adopted these systems to remain relevant in the business environment of the time. The Y2K effect further drove the consequence of automation to every dynamic business. In the year 1999, businesses came face to face with the reality of critical transition as risk managers raised the alarm of possible trials of system transition to the year 2000.  However, as the years passed by firms realised there weren’t as exposed as previously anticipated and normalcy returned to business. Scroll a decade later and ICT had been transformed to become the centre of service delivery accounting even for the extinction of a number of careers in the process. With the benefits of automation also came the risks of cyber threats. This illicit industry has grown massively into a billion-dollar alternative career excursion. Systems have been attacked and users have lost personal information to the criminals who have since evolved into one of the most feared terror campaigners of the present day.

 

On Friday the 12, 2017 the world woke up to yet another doomsday piece of news: WannaCrypt ransomware attack should make us wanna cry! Dubbed as one of the worst attacks of this generation, the ransomware attacked more than 200 000 in more than 150 countries in shortest period of time ever recorded. The attacks were perpetrated through a known Microsoft system vulnerability, the attackers used leaked techniques for hacking Windows OS that were discovered by the National Security Agency. Despite Microsoft having issued a patch for the vulnerability in March 2017, many legacy systems had not been updated with this patch and thus fell victim to this group known as Shadow brokers. Despite the discovery of a kill switch by a British firm, MalwareTech, the ransomware has since affected some African countries such as South Africa, Nigeria, Angola, Egypt, Mozambique, Tanzania, Niger, Morocco and Tunisia and companies particularly those still using the legacy systems.

 

Why is WannaCrypt special?

WannaCry is not just a ransomware program, it is also a worm. This means that it gets into your computer and looks for other computers to try and spread itself as far and wide as possible. Ransomware has a habit of mutating, so it changes over time in order to find different ways to access computers or to get around patches.

So how does this malware work?

WannaCry works by encrypting data on a computer that has been infected. It then tells the user that their files have been locked and displays information on how much is to be paid and when. The ransomware takes control of files on Windows computers and demands the payment of $300 dollars in virtual currency Bitcoin before it can restore access or double the cost after three days. The ransomware encrypts data on the computer using an encryption key that only the attacker knows. If the ransom isn't paid, the data is often lost forever.

But why did it take so long to find solutions to the attacks and what can be done about it?

Practically some organisations in Zimbabwe view IT security IT security and cyberattacks more as a business development opportunity than as a chance to put their collective heads together to eliminate threats. The pace at which the industry is growing coupled with the rate at which Zimbabweans are adopting automation calls for more concerted efforts to be directed towards addressing information security issues, risk management and overall guaranteeing the continued existence of the firm.

Keep windows updates off? – Zimbabwe is one of the countries with the highest piracy rate for Windows Operating Systems and as such, many of the mechanisms are directed towards making these systems unable to update. However, WannaCry requires that all systems be properly updated hence highlighting a serious challenge for many organisations.

Upgrade legacy systems – in addition, many companies in Zimbabwe are running legacy systems which are seldom updated. This ignorance is driven by the lack of knowledge of the implications of not updating as well as lack of capacity in ICT functions to closely monitor systems updates. The situation is further exacerbated by the lack of standard operating procedures on ICT systems which would allow for continuous monitoring and adherence to global ideals for ICT service management.

Don’t pay - Security experts warn there is no guarantee that access will be granted after payment. Some ransomware that encrypts files ups the stakes after a few days, demanding more money and threatening to delete files altogether.

User Training – in the previous articles that I have written, I have highlighted the importance of people within any information processing system. People are key to the safety of the system from any kind of attack and research attributes their relevance to about 90%! What does this entail; user awareness of how to respond and how they work remains key. Users need to be trained to know their system and to have ownership of that system. When users are well trained and equipped, attackers will find little room to manoeuvre as users will be vigilant. I have noticed that in Zimbabwe, new users rarely undergo IT induction to make them aware of their value to the system. Many thus end up experiment for they do not know what they are doing! Managers thus need to invest in continuous training and interaction of ICT functions and other business related units in order to make them aware of their environment.

Invest – apart from investing efforts in their users, managers also need to channel their resources into ICT function in the organisation through ensuring that ICT personnel receive adequate training in order for them to properly manage ICT infrastructure. Investment also ought to be put in the direction of research and continuous environmental monitoring. Research allows the organisation to keep abreast with the ever changing world of technology and hence allow them to cope with the demands of such changes. Moreover, Business continuity planning and Disaster Recovery Planning also take centre stage. WannaCry is surely going to test the resilience of such mechanism as more data stands at the risk of being lost. It is the duty of every manager and every user to ensure that information is protected for WannaCry is a sure sign that more is on its way!