In May 2017, a cyberattack began in London and affected over 200 000 computers in 150 countries, including the UK, US, Spain, Ukraine, France, Russia, Australia, Indonesia, Singapore, India, Sweden and Norway.
The malicious software, or ransomware, paralysed hospitals, disrupted transport networks and immobilised businesses.
Ransomware is malicious software that encrypts all the data on your computer and demands payment in Bitcoin crypto currency ($300 and up) to get access to your data again.
Known as WannaCrypt or WannaCry, this ransomware leveraged a software vulnerability previously only known to the US National Security Agency (NSA). A group called ‘Shadow Brokers’ managed to get hold of some of the NSA tools and leaked it to the internet, resulting in less sophisticated attackers ‘weaponising’ the vulnerability to spread their ransomware across the internet. All current versions of the Microsoft Windows operating system were vulnerable, sending IT teams across the world scrambling to patch all their systems.
Microsoft compared the severity of the attack with ‘the US military having some of its Tomahawk missiles stolen’. It called it a ‘wake-up call’ and identified ‘nation-state action and organised criminal action’ as ‘the two most serious forms of cybersecurity threats in the world today’.
The full cost of the attack and associated computer outages is not known yet, but is estimated at hundreds of millions of dollars. Cyber security companies have warned that South Africa is at risk of losing more than R1 billion from cybercrimes alone.
What you can do
As the world becomes more connected with more devices going online (smart televisions and watches, home automation, etc), digital threats will continue to increase. It’s the mutual responsibility of business and consumers to protect personal and business computers from cyberattacks.
In addition to backing up your important data (eg external hard drives) regularly, here are a few recommendations:
Never click on emails from an unknown source. Hackers use phishing emails to encourage you to click on an embedded link or attachment. Once you click on and open the link or attachment, you could be taken to a website and asked to enter sensitive information or malware can be downloaded onto your device. With ransomware, you are locked out of your device until you pay a ransom in Bitcoin.
Make sure you update your software and apps as soon as a new version becomes available. Operating systems and apps all have bugs or security vulnerabilities that hackers can exploit. Only download updates from trusted parties, such as Apple’s App Store or from a company’s verified website. Importantly, make sure your anti-virus programme is up-to-date.
Have strong passwords – Use upper and lower case letters, numbers and special characters – and do not use the same password across multiple sites. Take advantage of two-factor authentication, where you get a unique one-time password by SMS directly to your cellphone. Even if hackers know your main password, they cannot access your account without the one-time password.
Switch off your computer, especially your Wi-Fi, Bluetooth or Hotspots, when it’s not in use. Hackers can’t access your computer when it’s not connected to the internet. Rather don’t use free public Wi-Fi but only Wi-Fi networks you are familiar with and trust.
How Investec keeps systems safe
Investec has a dedicated team of cyber security experts that stays up-to-date with the latest events across the world to ensure our systems are safe from attacks. We believe in a people centric strategy, combining people, process and the latest cutting-edge technology to stay one step ahead of attackers.