Kenyan banks were among the institutions targeted in a large-scale attack against computers worldwide that began on Friday, ICT Cabinet Secretary Joe Mucheru said on Saturday.
The computer virus, which spreads through email and can infect all of a company’s computers once a single employee opens a contaminated message, had by Saturday registered more than 75,000 attacks in an estimated 99 countries, according to Avast, a Czech-based firm that develops anti-virus software.
Kenya was not spared from the attack by ransomware called “WannaCry”, which crippled all services at public hospitals in the United Kingdom, froze some computers used by the Russian Interior ministry, and impaired operations at German train stations, among other disastrous outcomes.
LOCK DOWN COMPUTERS
According to Mr Mucheru, there were “traces of people attempting to do the same thing” in Kenya with the ransomware that sent shivers across the globe given its power to lock down computers connected to servers that use the Windows software.
“Some financial institutions have faced some of these attempted challenges from Friday,” Mr Mucheru told the Nation.
A map prepared by Kaspersky, a Russian anti-virus services provider, showed Kenya had been targeted in the initial phases, albeit on a smaller scale compared to countries like Russia and India.
In Africa, Tanzania, Egypt and South Africa were among those affected, according to Kaspersky’s data.
Mr Mucheru did not disclose how the attempts had been made or whether any computer had been grounded.
“Right now, we are trying to do an alert. Most of the anti-viruses are able to catch a lot of this; but there are still some people who have not updated their systems. We need them to update their systems urgently,” he said, adding that Kenya has a number of vigilant teams that are monitoring such attacks at any given time.
Once infected, a computer freezes and displays just two messages: one as a window on the screen and another that replaces the desktop wallpaper.
The message in the foreground tells the user that their computer has been encrypted and that if they want to regain access to the files in it, they have to pay $300 (Sh30,960).
DISABLE ANTI-VIRUS SOFTWARE
“Oops, your files have been encrypted!” screams the headline of the message that appears on a red background before explaining how a person can get themselves out of the “mess.”
The message on the desktop wallpaper is crafted to tell the computer user to disable anti-virus software “if you need your files.”
Interestingly, the makers of the code ask for payment in Bitcoin, a computer-generated currency whose movements are hard to trace.
“Send the correct amount to the address specified in this window,” says part of the message that appears in a window on the screen.
The genesis of the attack has been attributed to the theft of confidential data from the United States’ spy body, the National Security Agency (NSA). The data contained insights on how to crack into various gadgets.
The NSA had identified a flaw in Microsoft systems and it is believed the agency was using it to gather information.
Microsoft learnt of the exposed vulnerability, nicknamed “EternalBlue”, and released an upgrade for their systems in March. Microsoft explained why people had to install the upgrade — called a patch in tech terms — in their systems.
“The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server,” it warned.
Most of the computers that suffered the latest attack, experts say, are those whose owners had not installed Microsoft’s March upgrade on their servers.
“The exploits that are being used are fairly old. It is just that people take long to upgrade and patch their systems. So, they should patch their systems like yesterday,” said Mr Mucheru.
WARD OFF ATTACK
To ward off the attack, a Nairobi-based expert said firms need to train their employees on how to keep off malicious material.
“Staff at all levels must undergo training on cybersecurity. This way, it will be easier to protect institutions from information theft that potentially leads to ransomware,” said Mr David Kanyanjua, the chief executive of Three Quality Services (3Qs), which offers computer security courses.
Mr Mucheru also asked Kenyans to be vigilant about the emails they receive.
“Everybody must be sure what emails they’re opening, of what things they’re allowing into their computers,” he said.
SPREAD MALICIOUS CODE
Though there were reports on Saturday that the spread of the malicious code had been “accidentally” halted by a British cybersecurity researcher before it could wreak more havoc, the threat of it worming its way into more computers was still there.
Mr Steve Grobman, the senior vice president and chief technology officer at McAfee, an American anti-virus software maker, wrote in a blog post on Friday that the infection was the first of its kind.
“This week’s attacks leveraging the WannaCry ransomware were the first time we’ve seen an attack combine worm tactics along with the business model of ransomware,” he stated on the McAfee blog.
Mr Grobman said the attacks mirrored those in the late 1990s and the early 2000s that spread like bushfire because “they didn’t require a human to take any action.”