Darkside, ransomware pandemic and threats to African firms
COVID-19 shut down the world. Darkside and its franchises are bringing government systems and private businesses to their knees like COVID19, heralding a new age of cyber-pandemic. It looks inevitable that as we see accelerated digitalization, we may witness the first cyber-pandemic that will shut down the whole world before the end of this decade. African firms face a gloomy future especially with the increasing presence of legacy infrastructure, tight IT budget and huge gap in cyber-threat management skill sets.
African banks look vulnerable and so does the larger private sector. We may witness the collapse of a bank as virulent ransomware attacks continue. Tenemos polls put it clearly that “Aging IT is the biggest threat to banks today.” It also found that maintaining legacy systems costs, on average, three-quarters of most IT budgets, showing how widespread the problem is in enterprises, as well.” Experts described legacy technology as both a security issue and a hindrance to innovation. A shift to new technologies like cloud computing, powerful mobile devices and the Internet of Things (IoT) is providing greater flexibility, efficiency, intelligence, automation and security.
Legacy systems as they exist in African markets are opening up vulnerability windows that could malign local firm’s reputations, shrink profitability and weaken competitiveness as it reduces the capacity of local firms to innovate. This demands a cybersecurity audit on African firms’ infrastructure. Leveraging new technologies can help African companies to become more agile, remain innovative and adjust costs to real usage.
These new technologies come with embedded capabilities such as policy management, encryption, authentication and continuous monitoring for greater control. They are less cumbersome and easier to manage and offer the opportunity to increase revenue through enabling better customer service across multiple channels, which will differentiate any African firm from its rivals. These new technologies can address inefficiencies via consolidating data centers or boosting usage of shared services.
A Darkside pandemic
Darkside may be the most audacious and most business savvy cyberweaponry firm that exists today, as a ransomware-as-a-service, a mimicry of the saas model. It prides itself as having the savviness to provide the best encryption to seal up computers faster than anyone else. It emerged in August 2020, and has leaked the data of more than 80 organisations. The identities of those who paid are shrouded in secrecy.
DarkSide ransom demand ranges between $200,000 and $2 million, helping it rake in more than $30 million. Beyond its vast hacking expertise, it displays a modern communication wizardry in managing the process by exerting pressure on its victims to extract a significant ransom. It also uses public shaming to compel victims to play ball or risks reputational damage. Darkside is media-clinging as well as a skilled ransomware extortionist. Reported average cost of remediating a ransomware attack in South Africa was put at $447,097 (R6.4 million) while the global average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761,106 in 2020 to $1.85 million in 2021 (Sophos). Darkside is ruinous to modern enterprises and society; and the more billions of IoT devices and smartphones come upstream so becomes our vulnerabilities.
Yet the impact of a ransomware attack should be met with commensurate criminal prosecution. It will reduce the profit incentives. A ransomware attack is commonly deployed via phishing emails. It can come as a DDoS attack like those that were launched against several large South African banks, including Standard Bank and ABSA. Sadly, ransom paid by organisations hasn’t helped them get all their data back. This is because using decryption keys to recover information can be complicated. Simply put, there is no assurance of success.
Pains of Darkside Pandemic
Hackers are not defined by geography, but their greed and ambitions are supported by sympathetic nationstates. Whatever the type of attack, the hacker’s intent remains the same — extort ransom from their victims. It is where we work with our global cybersecurity partners to help navigate the thorny maze-like path to recovering from a ransomware attack. We make recovery quick and with less pain even in situations where attacks were deployed with low quality or hastily compiled code and techniques that could make data recovery hard or almost impossible.
More than just decrypting and restoring data, our cybersecurity partners are helping victim companies globally to rebuild their whole systems ground up and manage the painful operational downtime and also reduce customer impact to bearable minimum. As ransomware attacks evolve, and inevitably hit a swathe of African enterprises, we know that anti-ransomware technology, enterprise culture, global standards and partnerships and appropriate punishments will meet this threat.
Finally, African enterprises must equip and expand their pool of cybersecurity professionals. It must drive public awareness on the risks of cyber-attacks and build knowledge capacity about cyber law, enforcement mechanisms and practical regulatory guidance through global and local alliances. The masterstroke will be to mobilize resources across the world-stakeholders at the regional, national, organisational, and individual level to mitigate the risk.
• Caesar Keluro is co-founder/ CEO, Nanocentric Technologies Limited. He leads ‘Make In West Africa’, a regional Think-tank. He tweets https:// twitter.com/KCaesar, https:// www.linkedin.com/in/caesarkeluro/