Ransomware hits 14 servers in Kenya

A computer server. Some 14 cases of ransomware Wanna Decryptor attacks have been reported in Kenya. PHOTO | MARTIN BUREAU | AFP

Since Friday last week, a wave of unprecedented cyberattacks has swept across the globe, with over 350 companies and hundreds of thousands of computers in 152 countries affected by Wednesday morning.

The attack by a computer worm or ransomware called WannaCry (Wanna Decryptor) targets the Microsoft Windows operating system, encrypts files and demands that the user pay ransom before being allowed to continue using the computer.

MULTINATIONALS

On Tuesday, computer forensics and data recovery company East Africa Data Handlers said it had received 14 cases of servers that had been affected by the ransomware.

Among these clients are two multinationals, which had their entire 15 years of data manipulated and lost.

Managing Director George Njoroge said the company has been able to fix and restore the servers for five of the companies but admitted that it was unable to fix those from two other firms.

“The malware has different variations and sometimes the companies come with the complaint when it has already been manipulated even more,” Mr Njoroge said.

Data recovery, he said, is costly and takes time, which may interfere with the smooth running of businesses.

PHISHING

The existence of the malware in the country has been confirmed by the country's cybersecurity response agency, the National Kenya Computer Incident Response Team Coordination Centre, or KE-CIRT-CC.

Mr Njoroge warned that many companies in the country are at risk of being attacked by the ransomware.

“The biggest problem is that companies and individuals don’t upgrade their security infrastructure, mostly because of the current economic challenges,” he said, adding that the best solution is to keep pace with the dynamic changes in technology.

He advised companies to completely switch off affected computers and isolate them from the network immediately after they discover they have been attacked by the malware, and to call in experts to remove the programme.

“Computer users should also avoid opening links whose sources they do not know as the main carrier of the malware is phishing,” he said.

Phishing scams are sent through emails appearing to be from genuine and famous companies with the aim of acquiring information and installing malicious software.

RANSOM

Mr Njoroge urged companies to back up their data and block certain untrusted websites from their servers.

Simon Kipruto, the head of the cybercrime unit at the Directorate of Criminal Investigations, said no company or individual had reported a cyberattack, adding that most companies choose to solve such problems without reporting them to the police.

Globally, companies that had been affected by the attack told the media that the attackers demanded that they pay ransom in the cryptocurrency Bitcoin.

The ransomware works by encrypting files and making them inaccessible and unreadable, before asking the user to pay a specific amount of money in order to access their own data.

The frozen-screen warnings are much the same as those that started in Britain and spread across the world, reports Charlie D'Agata, a correspondent for America's CBS TV network.

The "WannaCry" malware programme, which has held the globe in the grip of fear, was first uncovered in documents stolen from the US National Security Agency, exposing a vulnerability in Microsoft's operating systems.

BACKUP

So far, the attack has affected big users such as Britain’s National Health Service, FedEx, transport company Deutsche Bahn and airline company Latam.

On Sunday, Kenya’s Communications Authority (CA) warned about the attack, which is spread through e-mail phishing, and asked users to exercise caution.

The authority also urged Kenyans to keep an offline backup of their documents and files so that they can restore them in case they are attacked.

CA Director-General Francis Wangusi, while discouraging people from paying ransom as there is no guarantee the files would be restored, said once the attack hits one computer, it tries to spread to all computers in the network.

He urged organisations and individuals to ensure that they have good and updated anti-virus programmes installed on their computers to safeguard their data from the malicious software.