Ransomware attacks should be tackled through a 'people-process-technology triangle' – Deloitte

16th May 2017

By: Megan van Wyngaardt

Creamer Media Contributing Editor Online

     


Companies affected by ransomware attacks should not be tempted to pay a ransom, as the likelihood of receiving the decryption keys is often very slim.

Following last week’s Wanna Cry malware attack, which locked up over 200 000 computers in more than 150 countries, including a retail company in South Africa, Deloitte Cyber Intelligence Centre associate director Paul Orferr told Engineering News Online that companies often saw paying a ransom as “the easy way out.”

The particular ransomware charged companies $300 to initially unlock their operating systems, which Orferr noted “jumped up to $600”. He noted that there were currently four Bitcoin wallets running for this ransomware and that, across these, 262 transactions had been recorded, amounting to about $72 800.

“The only way to recover from this is to do a complete reinstall and restoration of an affected company’s data, while simultaneously containing the malware,” he advised, adding that even if a company receives the decryption key, it can also be a backdoor to a re-encryption.

Further, he noted that there was “nothing special” about the Wanna Cry ransomware, but that it was dangerous as it could spread quickly. “We will continue to see new vulnerabilities being discovered. [Ransomware] is not going to go away,” he stressed, noting that companies needed to be more vigilant.

“You cannot just throw technology at the problem; you cannot just address the people aspect – you have to look at it in [its entirety, as a] people-process-technology triangle . . . through user awareness and education, having the proper end-point controls in place and applying the correct patches,” said Orferr, adding that patching, locking down ports and segmenting a network were important.

Deloitte Cyber Intelligence Centre Africa leader for cyber-risk and resilience Cathy Gibson said that, by creating potential scenarios in which cyberattacks can occur and ensuring that a company has the correct back-up of its data, future cyberattacks can be prevented.

“Our monitoring centre started picking up on the Wanna Cry malware on Friday morning and, by the afternoon, we had notified our monitoring clients and advised them on the steps that they had to put in place,” she highlighted.

Gibson also pointed out that there was ongoing convergence between information technology (IT) and operational technology (OT) infrastructure. “[The latter] is also becoming vulnerable to the same cyberthreats as the IT environments are and are often not nearly as secure,” she said, noting that it was important to secure an OT environment.

Edited by Chanel de Bruyn
Creamer Media Senior Deputy Editor Online
