The “ransomeware” attack Friday that involved compromised computer systems in a reported 99 countries – at last count – may be among the largest reported in years, but it’s not a new problem and some experts say African businesses and organizations are especially vulnerable.
The ransomware strain WannaCry (also known as WanaCrypt0r and WCry) worked much the way other cyberattacks of its kind do: Once a user’s system is affected, the malware locks down files by encryption and holds them hostage until the user pays up in Bitcoin to restore access – or risks losing them forever.
In this case, tech and cybersecurity experts believe that WannaCry worked by exploiting a vulnerability in Windows operating systems that was first identified by the United States National Security Agency.
The agency developed tools based on that, but was itself hacked and the information on how it works was publicly leaked earlier this year – meaning that malevolent actors might design this sort of attack.
Friday’s incident idled Renault automotive manufacturing plants in France, and the National Health Services hospitals in the United Kingdom, where patient procedures and appointments were canceled. The FedEx packaging service in the United States was hit, as were Spain’s telecom and utilities firms.
The Avast security firm reported that 57 percent of the tens of thousands of attacks occurred in Russia.
At MalwareTech, a real-time map showed some ransomware attacks in South Africa, MENA states including Egypt and Tunisia, countries including Uganda in the east and a few West African nations.
Nigerian authorities said they were among those watching and studying the problem – but the truth is, many African companies already have vulnerabilities and have experienced ransomware attacks before.
Five African nations – Botswana, Malawi, Namibia, Uganda and Democratic Republic of Congo – were listed among the global Top 10 for ransomware vulnerabilities in a November 2016 report from Checkpoint Software Technologies.
A well-timed African Business Magazine report published May 10 warns of the growing threat to African firms, as does a Deloitte Nigeria Cybersecurity Outlook report that forecasts more ransomware incidents in 2017 because of improvements needed in the tech infrastructure and regulatory environment.
Firms and governments alike are urged to educate themselves about the threats and their prevention.