Ransomware Driving Crime | Ransomware

Ransomware Driving Crime – Porsche SA Hits the Brakes After Faust Attack 

High profile cyber attacks on prominent companies continue with no end in sight, and the famous luxury sports car manufacturer Porsche has become their latest victim.

Known for its fast, high performance cars that combine speed and styling, Porsche South Africa saw its operations screech to a halt recently when the company’s critical information was held to ransom by cybercriminals.

Porsche headquarters in Johannesburg fell prey to the Faust ransomware variant which has been wreaking havoc in organisations around the world. Managers were shocked to find their company data compromised, encrypted, and inaccessible.

Porsche has declined to comment about what data was involved and whether it was fully recovered or not. Nonetheless, internet users and business owners in particular should be on high alert for the Faust ransomware variant.

why is Faust so dangerous?

Losing access to vital company information and computer systems can cost a business up to seven figures or more in no time at all.

  • Faust, the version of ransomware that was used to attack Porsche, is especially damaging because files it has encrypted are difficult to decrypt.
  • File names can also be changed by Faust, which modifies file data and extensions.
  • The usual MO of this highly effective type of ransomware is to encrypt the user’s data and then contact the company, demanding a ransom payable in bitcoin.

Unfortunately, cybercriminals can extort companies twice using Faust since the data that was compromised could have already been sold on the dark web by the time the ransom is paid in exchange for decryption.

To date, Porsche hasn’t said whether the company paid a ransom or not.

Cybersecurity best practices encourage companies to keep the details of the ransom private to deter cybercriminals from attempting repeat attacks on organisations that are more likely to pay up.

keep your data safe from Faust and other malware

Faust, like many other types of viruses and malware, often infiltrates company computer systems through malicious downloads. This makes it crucial for all staff to be trained in cybersecurity best practices and avoid downloading files whenever possible.

To avoid a scenario like Porsche has just experienced, your business needs to have a full backup of all important data with secure cloud storage and encryption to keep it safe. To learn how you can protect your vital information from cybercriminals, browse our range of cloud storage packages today.

Ransomware Attacks | Cloud Backup

Why are ransomware attacks so successful?

Ransomware has become the number one worry on the minds of IT security experts and company owners, and it doesn’t show any signs of disappearing.

South African companies and individuals have been hit hard by cybercriminals over the past few years. The country ranked eighth in terms of ransomware attacks in 2021, with the cost of cybercrime overall exceeding R2 billion the year before.

There’s little doubt that ransomware is an extremely damaging online phenomenon, but why are ransomware attacks so successful and how can you avoid becoming the next victim?

weak defences and smart attackers: a dangerous match

Like any kind of crime, a successful ransomware attack relies on criminals bypassing your data security to gain access to your computer network.

  • As cyber defences improve, hackers get smarter and find ways of bypassing them.
  • The easiest target of all is a business that isn’t using the latest cybersecurity solutions or hasn’t updated them recently enough.
  • Cybercriminals are using advanced social engineering and exploiting vulnerabilities in companies’ online defences to break through and execute ransomware attacks.

As a business owner, you and your staff will need to be on the lookout for suspicious emails and other messages while keeping your antivirus, firewall, and secure cloud storage up to date.

There are two types of ransomware attack that you need to be able to spot:

  • Random penetration attempts sent to thousands of email addresses and phone numbers (these are more obvious and usually easier to spot).
  • Targeted attacks which involve hackers researching and infiltrating a specific business. These are more dangerous because they read like legitimate communications.

are you dealing with a hacking hacker or a cybercrime mastermind?

If you receive a generic email or text message that looks suspicious you probably know what to do already: delete and forget.

Messages like this are usually easy to pick up because they sound fake. Vague wording and promises that sound too good to be true, like lottery winnings or other kinds of free money, are signs that you’re just one of many hundreds of thousands of people who have been targeted by a hacker.

On the other hand, if you receive a message that seems to be addressed to you, and could be from a legitimate business or even someone you know, you’re less likely to think that it could be a ransomware attack.

But if it is, your data could be in jeopardy.

  • Cybercriminals have taken to researching companies and even individuals in depth to identify easy targets. If this sounds scary, it really is.
  • Your privacy may have already been invaded by cybercriminals and your details could be doing the rounds on the dark web. Usually this happens after data leaks compromise your personal information.

Keep your data safe with high-tech cloud storage

Ransomware may be all over, but you don’t need to be its latest victim.

Updating your online security, including antivirus, firewall, and secure cloud storage solutions, is the best way you can make your information harder for hackers to access.

Soteria’s range of encrypted, secure cloud storage solutions is an ideal starting point for any business or family wanting to stay safe online. Browse our range of cloud storage packages to get started.

Be Prepared for ransomware attacks | Ransomware

‘Tis the season to be careful: Avoiding ransomware attacks over the holidays

The festive season is upon us, and with it comes the unfortunate spike in crimes that accompanies the summer holiday season every year. Recently, cybercrimes have joined this trend with the number of ransomware attacks and other data breaches increasing in the December to January period.

As you prepare to close down for the summer and take a well-deserved break, cybercriminals are gearing up for a destructive holiday season. Here’s what SA families and business owners need to know in order to keep their data safe this year.

Africa: a prime target for cybercrimes

The African continent is ripe with opportunity, and internet adoption is running at double speed from Cape to Cairo – but cybersecurity is lagging, and that means huge vulnerabilities over the festive season and beyond.

  • The Interpol African Cyberthreat Assessment Report indicates that over half a billion internet users log on from locations in Africa. Internet penetration in countries like Kenya is over 80%, with SA approaching 60%.
  • Unfortunately, up to 90% of businesses in Africa are running sub-par cybersecurity protocols. This makes the continent a sitting duck for data thieves and ransomware hackers – and the festive season is the best time for them to strike.

Holiday season staffing opens vulnerability gaps

With many companies shutting shop for the festive season, skeleton crews will be taking the reins at IT departments around the country. That means fewer hands on deck at a time of year when cyberattacks are at their peak.

South African companies typically have 50% of their cybersecurity staff on hand during the year-end holiday, compared with 80%-90% in other countries like Germany.

Securing your data during the year end break is essential, and it starts with secure passwords, cloud storage, and comprehensive backups. Making sure that these are in place before you close down for the holidays will let you rest easy as you enjoy a well-deserved rest.

Backup against ransomware attacks with Soteria Cloud

With reduced resources over weekends and during the holidays, assessing and assembling an incident response team in the event of a ransomware attack takes longer. Regular data backup is the best way to protect yourself against an attack at any time of the year.

We are an innovative cloud storage and backup service provider based in Cape Town. Learn more about what we offer and how it can keep your business data safe here.

Held to Ransom | Ransomware

Never too small to be held to ransom

Ransomware attacks affect businesses of all sizes, and although it’s usually the big names that make it into the media reports, an increasing number of SMEs are falling prey to cybercrime and being held to ransom.

As a small business owner, online security needs to be one of your biggest priorities. Here’s why ransomware attacks are something that could affect your enterprise directly – and what you can do to reduce your chances of losing crucial information to cybercriminals.

Ransomware is on the rise and our alertness should be too

Recent reports indicate that ransomware attacks against South African businesses have increased sharply over the past year and this trend shows no sign of reversing.

Large cyberattacks on retail giants like Shoprite and banks such as Absa may give the impression that only large corporations are being targeted by criminals, but this isn’t necessarily the case.

  • SMEs are easy pickings for cybercriminals and particularly vulnerable to being held to ransom
  • Many SMEs believe that their small business is not worth targeting, and consequently, haven’t made the necessary preparations to protect themselves against a ransomware attack
  • A typical South African SME may have invested in antivirus software, a firewall or basic email security, but these measures may not be enough to keep a ransomware attack from happening – especially if they haven’t been updated recently.

Cybersecurity awareness may be lower in small businesses that don’t have a dedicated IT department. This can cause employees to be lax when it comes to their online behaviour, opening the door for a cyberattack.

Secure your business against online threats

SMEs make up almost 98% of business in South Africa and employ nearly 60% of our workforce. With the Covid lockdown companies moved to remote working, which came at a big cost to small businesses. Many have opted to keep a hybrid model which opens them up to an additional range of cybersecurity issues and makes them particularly vulnerable to ransom attacks.

To reduce the risk of a ransomware attack, small businesses should ensure that they have the following security measures in place.

  • A high-quality up-to-date firewall
  • Commercial grade antivirus software
  • Encrypted secure cloud storage
  • A comprehensive data security policy with training for employees
  • A communications policy that is designed to prevent unintended data leaks, including sensitive information like passwords.

No matter what size your business is, secure cloud storage is one of the best first steps you can take to keep your data safe. Get started with cloud backup today by browsing one of our packages for enterprise users.

Financial Services Ransomware Attack | Ransomware

Ransomware attack hits financial services firm Curo

Curo is one of the country’s best-known asset management firms with more than R2 trillion in its overall portfolio. The company was hit by a ransomware attack in early 2022 just as companies were returning from the festive season break, jolting the firm’s management and IT experts into action as they responded to the crisis.

Like many ransomware attacks, the Curo incident involved cybercriminals taking the company’s valuable data hostage and demanding payment in exchange for its release.

If your business found itself in a similar situation, your first instinct might be to pay and make the problem go away, particularly when you are unable to access your systems as a result of the attack. Surprisingly, Curo decided not to engage with the attackers and used IT specialists to regain control of its company data.

five days of downtime – how Curo weathered the storm

Financial services is an industry where every second counts. Fund managers need immediate access to investment data in order to respond to changes in the markets, and clients expect regular updates based on the most recent and reliable financial information available.

When time means money and success and failure can occur in minutes, imagine being locked out of your data for five days. The potential for disaster was huge, but Curo averted a red alert situation with quick and responsible action.

Fortunately for the company, the ransomware attack didn’t affect highly sensitive customer information and Curo didn’t lose control of its financial assets at any stage of the incident.

This gave management some breathing room to strategise, and their final decision was to ignore the criminals behind the attack completely and focus on restoring their systems to full functionality.

Cyberattacks are sadly becoming daily occurrences in South Africa, as seen with the likes of Transnet, the Department of Justice and even African Bank who were all victims of ransomware attacks last year.

no business is safe from a financial services ransomware attack

Faced with a similar scenario, how would your business react?

Every business needs a response plan and a ransomware attack backup plan. It’s what you do in the hours and days following an incident that will enable you to lessen the damage in just this kind of scenario.

save your data from a ransomware attack with secure cloud storage

Ransomware attacks can only target your business data if it’s vulnerable to being attacked in the first place. Secure cloud storage, implemented as part of an overall cybersecurity policy, can help keep your sensitive information out of the wrong hands.

If you’d like to secure your business data with a cost-effective and highly secure cloud solution, our range of packages for individuals and businesses could be a great solution. To learn more about our services, contact us today.

Have the Right Credentials | Ransomware Attacks

Do you have the right Credentials to evade Ransomware attacks?

Ransomware is a particularly nasty type of malware that’s used to hijack your important business data and – like the name says – demand a ransom in exchange for its release.

Attacks of this type have been rising in South Africa, with big names like Transnet and most major banks having been hit by wily hackers. Protecting your business from this type of crime is a major priority in 2021 and beyond.

The cost both to your company’s finances and its reputation in the wake of a ransomware attack can be huge, and like all unpleasant things it’s always better to prevent it in the first place.

Having excellent antivirus software, a firewall and other data security measures in place, as well as opting for secure cloud storage, are all excellent ways to defend your business from ransomware. But here’s the thing: all of these great measures could still fail if you neglect a small but essential aspect of data security: secure user credentials.

make sure the authorised user is really you

One of the easiest ways for hackers and ransomware creators to access your data in the first place is by breaching the first line of defence. Yes, that’s your trusty old password.

  • AI-driven password cracking software is now capable of decoding an eight-letter password in a number of hours and a twelve-letter password in just a few days.
  • As the software advances, these processing times are likely to drop further, and that means one thing. The days of using a password as your only means of data protection are long over.

A password is a piece of information that you know – and that means that someone else can know it too just by stealing it. A better approach to data security is to use information like biometric data that’s a physical part of you.

New credential verification systems like those used by Microsoft and eBay are helping users around the world to go “passwordless”, separating identities and passwords once and for all.

keep your data safe with a cloud-based storage solution

If the headaches that come with securing your data on-site don’t seem worth it, it’s because they aren’t. Leave the security to us and opt for cloud storage for your enterprise. Contact us today to find out how.

Do You Have a Ransomware Backup Plan?

Let’s talk about data – your company data to be more specific, and of course your ransomware backup plan!

Your data is probably one of the most valuable assets your business will ever have; valuable to you and sadly, just as valuable to cybercriminals. The data your business collects can be used to make better business decisions, drive sales, and truly appeal to your target audience. But then there’s the reality of just how big a schlep it is to keep the stored data safe in today’s heightened risk of a ransomware attack.

your first line of defence

You can employ the most highly skilled IT specialists to work in your IT department and still a ransomware attack can bring your business to its knees.

For a business to stand a chance against the increasing number of daily ransomware attacks, it has to ensure that every staff member understands the risks and takes responsibility for their actions when using the company system, network, and devices. And we all know how hard it is to get everyone on board.

It’s also important to have the right tools to monitor systems and provide a good line of defence so that when staff members behave as trained to, the data remains completely safe; and when the business is faced by a threat, rapid reaction can be set in place.

so how does a business protect itself?

Prevention is a great option, but business owners should focus first and foremost on maintaining well-managed data systems.

A well-managed data system means data can be easily located and easily updated with the latest security features. One of the problems that many companies are faced with is how to store the data so that it can be used if there’s ever a ransomware attack that cannot be thwarted. This is where having a ransomware backup plan comes into play. What does a good ransomware backup plan look like? Read on to find out.

a good ransomware backup plan

Below are a few pointers for creating a reliable ransomware backup plan.

  • Implement an actual security policy that focuses on ransomware

You cannot expect staff members to be accountable for their data management if there’s no set of rules for them to follow. Make sure that there are very clear guidelines to how data is collected, how it is tagged and saved, how often it is backed up, and how staff should behave when faced with possible threats.

  • Eliminate weak links

A weak link could be anyone involved in the accessing and use of data in the business who doesn’t follow through with their responsibility to protect the data. It could be a manager who doesn’t enforce the company-wide security policies. It could be an IT professional who doesn’t train staff on their data security responsibility. It could even be the employee who simply doesn’t understand the importance of making weekly password updates, or the one who clicks on random email links having been advised not to. Regardless of how repetitive you have to get, you need to drive the message home that there are consequences to not following company security policies.

  • Isolate your backups

A multi-level backup strategy is the only way to ensure that once ransomware hits your system, it doesn’t infect the entire setup. Make the isolating of backups a top priority. What does this mean? It means that you use an external cloud backup service for the storage of your data. This service is separate from your network system and is updated with the very latest security policies.

  • Regularly replicate data

If you only have one copy of critical data and ransomware just happens to infect it, there’s no way you are going to get your data back without paying the ransom. Replicating your data regularly is a good way to safeguard against this. Keep one copy of the data offsite and two copies on two separate devices. If one or two of these copies are infected, you still have one more option to rely on.

  • Run encrypted backups regularly

It doesn’t help if you have all the tools and systems in place, but staff forget to back up their data. It goes without saying that the data must be encrypted as that’s the most secure option, but in addition to that, backups should run regularly with minimal effort required from staff members. You can automate backups on devices to save time and to provide you with peace of mind.
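The replication advice above (one copy offsite, two on separate devices) only helps if you can tell which copy is still clean after an incident. As an added example, not part of the original article: a Python check that compares each backup copy against a SHA-256 manifest recorded at backup time and lists the copies that are safe to restore from. The copy names, the `.locked` extension and the sample files are constructed for the demonstration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(source: Path) -> dict:
    """Record relative path -> SHA-256 at backup time.
    Keep the manifest away from the copies (offline or write-once storage),
    otherwise whoever tampers with a copy can rewrite the manifest too."""
    return {
        p.relative_to(source).as_posix(): sha256_file(p)
        for p in sorted(source.rglob("*")) if p.is_file()
    }


def audit_copy(copy_root: Path, manifest: dict) -> dict:
    """Compare one backup copy with the manifest."""
    missing, modified = [], []
    for rel, expected in manifest.items():
        target = copy_root / rel
        if not target.is_file():
            missing.append(rel)        # deleted, or renamed with a new extension
        elif sha256_file(target) != expected:
            modified.append(rel)       # content changed in place (e.g. encrypted)
    unexpected = sorted(
        p.relative_to(copy_root).as_posix()
        for p in copy_root.rglob("*")
        if p.is_file() and p.relative_to(copy_root).as_posix() not in manifest
    )
    return {"missing": missing, "modified": modified, "unexpected": unexpected,
            "clean": not (missing or modified or unexpected)}


def restorable_copies(copies: dict, manifest: dict) -> list:
    """Names of the copies that still match the manifest exactly."""
    return [name for name, root in copies.items()
            if audit_copy(root, manifest)["clean"]]


def demo() -> dict:
    """Constructed scenario: three copies, two of them damaged."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        source = base / "source"
        (source / "invoices").mkdir(parents=True)
        (source / "clients.db").write_bytes(b"constructed client records")
        (source / "invoices" / "2024.csv").write_bytes(b"id,amount\n1,100\n")
        manifest = build_manifest(source)

        copies = {name: base / name for name in ("device_a", "device_b", "offsite")}
        for root in copies.values():
            shutil.copytree(source, root)

        # device_a: file renamed with an extra extension and its content replaced.
        renamed = copies["device_a"] / "clients.db.locked"
        (copies["device_a"] / "clients.db").rename(renamed)
        renamed.write_bytes(b"\x00" * 32)
        # device_b: file overwritten in place, name unchanged.
        (copies["device_b"] / "invoices" / "2024.csv").write_bytes(b"\xff" * 16)

        return {
            "reports": {n: audit_copy(r, manifest) for n, r in copies.items()},
            "restorable": restorable_copies(copies, manifest),
        }


if __name__ == "__main__":
    outcome = demo()
    for name, report in outcome["reports"].items():
        print(name, report)
    print("restore from:", outcome["restorable"])
```

Running the audit on a schedule, not only after an incident, shows early when a copy has drifted from the manifest.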

Last Word

Having a ransomware backup plan is essential, regardless of the size and nature of your business. Don’t be fooled – hackers don’t only go after the world’s biggest brands. Smaller companies are becoming an easy target for the ransomware attacker looking for a quick buck. Do the work – protect your business and you stand a greater chance of avoiding data hacking/encrypting hell.

Garmin Goes Down in ransomware attack

Just a few weeks ago, the news hit disgruntled Garmin users that Garmin Connect was “down”.  The attack against wearable device maker, Garmin, which happened on the 23rd of July 2020, affected the company’s online services including website functionality, customer support services, client apps, and the company’s communication channels.

Garmin has a product line that includes GPS navigation with wearable technology for the outdoor, fitness, marine and aviation markets. The result of the hack was a lot of Garmin users without access to their regular services.

How did Garmin go down?

Garmin was hit by Evil Corp’s WastedLocker ransomware. Many people have been hit by similar ransomware attacks in their personal capacity. Unfortunately, cybercriminals have found targeting individuals fruitless and so have started targeting large corporations where there’s limited time to tinker around trying to find a solution.

Garmin was a hot target and the hackers got it right. They set about encrypting a large portion of the company’s systems and services resulting in Garmin being offline for several days. Enough time for people to notice and start complaining.

The Good News for Garmin Users

Garmin users seem to have struck it lucky as their user data and personal particulars don’t seem to have been affected. And now that Garmin services and functions have been restored, all services seem to be up and running as before.

The Big Question: How Did Garmin Solve the Problem?

The big question that needs to be asked is how Garmin went about solving the problem. The ransomware attack was no different from others before it. Systems and data were encrypted, and a ransom was demanded in exchange for the return of systems to normal.

So, just what did Garmin do to get its data back? The jury is still out on that one!

With no official word from Garmin, rumours abound, including about the source of the attack, and it is believed that Garmin did indeed pay the ransom through cyber response firm Arete IR to obtain the decryption key that was used to restore services.

It is also alleged that Garmin first approached another cyber response firm to help settle the ransom but was turned away because the company behind the WastedLocker attack, Evil Corp (Russian hackers) is currently on a US sanction list. This means that it is forbidden to make transactions to this company, regardless of the reasons.

While Sky News gave both Garmin and Arete the opportunity to confirm or deny that payment was in fact made to Evil Corp, both have declined to do so. Instead, Arete is on record disputing that WastedLocker is Evil Corp, saying that it was only developed by Evil Corp and that the evidence regarding that is actually inconclusive.

If Garmin Paid the Ransom…the precedent is Set!

All eyes are on Garmin to make a statement.

Paying a ransom, especially to a company on a US sanction list, is setting a poor precedent with ransomware hackers which can only serve to encourage cybercriminals.

As the days tick by, Garmin is under more pressure to present answers. As a listed company, their responsibility is to make public exactly how they handled the situation. Right now, we all just have to wait and see.

As a large tech company with many IT resources, Garmin still fell victim to a ransomware attack that ended up with them paying the ransom. If it can happen to Garmin, it can certainly happen to you too, and probably far easier.

What can you do?

Backup, backup, backup. Ensure that your employees are all properly trained and that you have all the necessary software on all of your devices. Don’t wait until you are a victim of a ransomware attack – do it now!


Ransomware on the Rise in 2020 – Reduce the Risk

It’s really no surprise that ransomware is on the rise! Although, one would think that in 2020, with all the security measures available to thwart the efforts of opportunistic cybercriminals, we would be wise to their attacks. The fact of the matter is that security is mostly fine. In most instances, it is human error that leads to a business’s downfall when it comes to ransomware.

How Ransomware Works

Most victims of ransomware seem completely taken aback by the fact that they have become the target of a ransom attack. What they don’t realise is that in most instances a computer is infected when a person visits an infected website, opens an email and clicks on a link, or downloads and opens links from unknown senders.

Emails with infected links and attachments are known as “phishing emails”, and more often than not it’s just a case of carelessness that leads to falling victim to one.

When the link is clicked and the ransomware is installed, it first finds somewhere to hide itself on the device. The virus typically presents as a system file which makes it difficult to remove as it looks like an essential file for the computer’s system.

The ransomware is designed to then seek out backups visible on the computer – such as saved documents and images. It then either encrypts the files and images or simply erases them. When the user tries to access their files, a display is shown demanding that a ransom is paid for the files to be decrypted. These days, the ransom is usually demanded in Bitcoin.

The Danger of Ransomware

Ransomware presents a business with both direct and indirect costs with the expense of replacing systems and installing new defence mechanisms. Further to that, the business runs the risk of losing customers at the time of the attack and might seem to be a security risk in the eyes of prospective customers. You could find yourself losing thousands or even hundreds of thousands of rand when you fall victim to ransomware.

How to Protect Your Business

Being prepared for malware and ransomware is important. In order to prepare your business for such attacks, you need to make sure that your employees are educated on the many risks they face.

They also need to be well aware of how ransomware or malware attacks present themselves. You should have a no-click or no-download policy on links and attachments in emails from unverified sources. You also need to have a process or strategy in place to help you recover from data loss in the event of a successful attack on your business.

While educating your staff members and being prepared for an attack are essential protection methods, there are other things that you can do as well:

  • Always ensure that you have the latest updated version of the systems you are running. These are designed to be able to fight off the latest attacks.
  • Securely backup all your important and sensitive data to a cloud backup service that is encrypted. This will mean that you don’t need to pay the ransom. You can clear the computer, pep up your security and then download your latest backup onto your device again. Easy!
  • Run malware security software on your devices on a regular basis.

Last Word

While ransomware is on the rise in 2020, it doesn’t have to impact on your life or your business too. Make sure that you are prepared for this year’s onslaught of attacks and rest assured that by simply being aware and taking precautions, you are that much safer out there in the online world.

Finding the Right Antivirus Solutions

If your computer has ever had a virus or been infected with malware, you will probably know the frustration and stress involved in the “cleaning” or removal process. Once a virus or malware strikes, it can become a fool’s errand trying to restore the system back to normal. And often, the only solution is to wipe the system of all of its data, programs, and information. The result is lost data, which could be pertinent to your business or of sentimental value to you.

So, what’s the solution to warding off the risk of lost data as a result of a virus or malware, and adware?

The initial reaction from many is to try and recover the data with an installed antivirus software. The problem here is that most PC installed antivirus software only uses signature-based detection methods, and in most instances, it’s useless.

New adware, malware and viruses are designed to laugh in the face of regular antivirus solutions, so what’s the next step?

The next port of call is usually a Google search for advice, which only ever results in an overload of information with various links to security and marketing companies targeting vulnerable new customers.

What to Do – Where to Find Experts to Talk To Online

If you want to get rid of the viruses, adware, or malware files plaguing your computer and devices, you need to familiarise yourself with the correct steps to take in the event of infection and know who to turn to if your device starts to act unusually.

Find out where to get up to date information on the best antivirus solutions below:

Prevention is better than cure

If you are one of the lucky ones that has never been plagued with malware, adware, or a virus (yet), you should look into online backups. Complete online backups will ensure that when your data is lost or held hostage, you have an encrypted copy to use. This means no lost data. The added convenience of online backup is that, once you have the software installed on your device, the backups will run automatically, without any effort required by you. Online backups are, first and foremost, the way to go.

Malware Advice

When Malware strikes, you will want to chat with the professionals in the industry. Great places to start looking for malware advice and guidance include:

Sometimes it’s not just one thing you need help and guidance on. What if you have several security concerns or technical issues that you want to chat about and get expert advice on? Security info experts can be found lavishing cyber-security victims with advice at:

  • Geeks to Go (specialising in browser hijackings, ransomware, keystroke logging, and Trojan viruses).
  • Microsoft Answers (all technical and security issues).

Secure Online Backups – The Ultimate Solution

Don’t wait to be incapacitated by a virus before seeking an antivirus solution. Take a step in the right direction and secure your data by registering for encrypted online backups today.