Second cyber attack on charity
MONDAY MAY 22 2017
THE HIGHWAY Hospice Association in Durban has become the latest victim of ransomware that has attacked hundreds of thousands of computers around the world. The attack was the second in three weeks for the association.
Recently, the cyber “worm” compromised Britain’s National Health Service (NHS). Highway Hospice chief executive Linda Webb said: “I asked myself how we could be hit again.
“Why are they targeting us? I was very disappointed. The staff couldn’t believe it and were asking ‘why us’?”
In an effort to stop its spread, staff were told not to switch on their computers. This resulted in downtime for staff as the organisation ground to a standstill. The files encrypted in the attacks included vital information from oncologists who work with the organisation. “It affected our service delivery. Everything was delayed.
“It has even delayed our annual report to show our donors what we have done.” The attacks resulted in a situation where the hospice’s reputation was at risk because it was not able to work effectively.
IT specialist Ian Naidoo, who is helping the organisation, said: “After the first episode we thought it would be a once-off incident, but three weeks later, we experienced it again. The whole server was infected.” When they were first hit, they contacted the hacker who had e-mailed them his demands.
Naidoo said the attackers demanded three bitcoins, (a digital currency) which cost about R50 000 at the time.
He told them the hospice would not be able to afford the money because they were a charity.
The cyber criminals then lowered their demands to two bitcoins. The hospice, however, did not give in to the demands, but bought new equipment instead, which cost about R40 000.
Webb added that the money used to buy new equipment could have gone to treat their terminally-ill patients.
Having backups has lessened the impact of the latest attack, Naidoo said, although it would take them about two days to get up and running again.
Craig Rosewarne, director of Wolfpack Information Risk, said about 5% of instances where ransomware had been detected globally had been in South Africa. “Ransomware is a booming industry.” Rosewarne said there were websites where criminals could buy ransomware and others where people could get decryption keys.
“When a person has been attacked by ransomware, they should first try to find decryption keys online before acquiescing to the hackers’ demands.
“The hardest hit would be people who did not have any backups.”
Rosewarne said his observation was that the hackers often provided decryption keys to people who paid up. – Staff Reporter