30 years of ransomware: How one bizarre attack laid the foundations for the malware taking over the world



Ransomware has been one of the most prolific cyber threats facing the world throughout 2019, and it's unlikely to stop being a menace any time soon


Organisations from businesses and schools to entire city administrations have fallen victim to network-encrypting malware attacks that are now demanding hundreds of thousands of dollars in bitcoin or other cryptocurrency for the safe return of the files.

While law enforcement recommends that victims don't give into the demands of cyber criminals and pay the ransom, many opt to pay hundreds of thousands of dollars because they view it as the quickest and easiest means of restoring their network. That means some of the criminal groups operating ransomware campaigns in 2019 are making millions of dollars.

But what is now one of the major cyber scourges in the world today started with much more humble origins in December 1989 with a campaign by one man that would ultimately influence some of the biggest cyberattacks in the world thirty years later.

The first instance of what we now know as ransomware was called the AIDS Trojan because of who it was targeting – delegates who'd attended the World Health Organization AIDS conference in Stockholm in 1989.

Attendees were sent floppy discs containing malicious code that installed itself onto MS-DOS systems and counted the number of the times the machine was booted. When the machine was booted for the 90th time, the trojan hid all the directories and encrypted the names of all the files on the drive, making it unusable.

Victims saw instead a note claiming to be from 'PC Cyborg Corporation' which said their software lease had expired and that they needed to send $189 by post to an address in Panama in order to regain access to their system.

It was a ransom demand for payment in order for the victim to regain access to their computer: that made this the first ransomware.

Fortunately, the encryption used by the trojan was weak, so security researchers were able to release a free decryption tool – and so started a battle that continues to this day, with cyber criminals developing ransomware and researchers attempting to reverse engineer it.

But after this, it wasn't for another 20 years that ransomware as we know it now first started to emerge; and those first attacks were still simple compared with ransomware today.

A common form of this kind of ransomware was the 'Police Locker' attack, which if downloaded – often from peer-to-peer downloads sites, or websites hosting pirate or adult material – would change the user's desktop to a note claiming to be from law enforcement, which stated the machine had been locked due to suspected unlawful activity.

No encryption was actually used in these attacks and in many cases the locker could be removed by rebooting the computer – but for some, the fear-factor pushed them into paying up a few hundred dollars.

While Police Lockers reached their peak between about 2010 and 2012, they haven't disappeared – but they were superseded by what we recognise as 'real' ransomware.

"2012 to 2014 was kind of the Wild West of ransomware, it was a new idea and the general public wasn't aware of what it was and didn't understand what was going on. You had everything from the screen lockers to the ones with file encryption," says Michael Gillespie, ransomware researcher at Emsisoft.

It was at this point that ransomware turned towards encrypting files, so as to really turn the screw on victims, although it was rare for the ransom demands to be more than a few hundred dollars as the targets were still mostly home users – and because the ransoms were paid in standard currencies, it wasn't the most covert operation.

But the Bitcoin boom helped change everything and soon criminals distributing ransomware were demanding their ransoms should be paid in cryptocurrency because transactions are more difficult to trace than those made with regular currency, making those behind the attacks more difficult to uncover.

By 2016, ransomware-as-a-service had become common, with the creators of malware families like Cerber leasing out the ability to conduct attacks in return for a cut of the profits. It proved to be a successful business model and by the end of the year, ransomware variants ranked among the most common malware families.

Slowly but surely, the ransomware attacks were shifting their focus, with many of the professional criminal organisations turning away from attacking home users in favour of targeting businesses and public sector organisations, encrypting entire networks and making off with tens of thousands of dollars.

Despite this, ransomware still remained somewhat under the radar outside information security circles, but in May 2017, that changed forever with the arrival of WannaCry ransomware.

When it struck, people at organisations around the world found themselves faced with a message demanding a ransom payment in exchange for the safe return of their files. WannaCry was spreading around the world with the help of EternalBlue, a leaked NSA hacking tool that had been made public months earlier.

The damage would have been much wider if security researchers hadn't found the kill switch for the attack, which was later blamed on North Korea. However, even if organisations did pay the ransom, there was no mechanism for retrieving the files – the attack seemed to be purely destructive in nature.

Just weeks later, something similar happened when NotPetya – an attack most likely launched by Russian military intelligence – also hit targets around the world. It looked like ransomware, but acted like a destructive wiper.

But despite the high profile of both incidents, that wasn't the end of ransomware. Organisations continued to leave their networks open to compromise, and attackers soon found yet another way to make ransomware even more powerful – and more lucrative – than before, once they realised they could spread the malware with more than just phishing attacks.

"WannaCry was the paradigm shift. Because then people realised they could combine lateral movement with a strong payload like ransomware," says Max Heinemeyer, director of threat hunting at Darktrace.

Since then, cyber criminals pushing ransomware have grown bolder and the attacks have gotten much bigger. Now, when entire networks are compromised by hackers, ransomware has become a means of monetizing the attack.

By combining attacks against internet-facing ports, the use of stolen credentials, lateral movement across the network and other techniques, attackers will snake their way through the network until they've compromised everything possible, before finally unleashing the ransomware and taking everything down – often including servers and backups.

This has led to ransomware becoming an extremely lucrative business, with attackers regularly demanding six-figure sums for the decryption key – and despite the numbers involved, 2019 has seen many organisations opt to pay the ransom.

In many cases, paying is seen as the lesser of two evils: restoring the network from scratch could take weeks and cost as much as the ransom, and the organisation loses large amounts of business for as long as the network is down. So victims pay up, demonstrating to attackers that ransomware works.

Because of this – and the way ransomware distributors rarely get brought to justice – ransomware has become more problematic than ever and the issue will continue into 2020.

But by doing one simple thing, organisations of all sizes could counter the threat posed by ransomware attacks: keeping offline backups of their systems and making sure that those backups are regularly tested.

"It's Schrödinger's backup: the state of a backup isn't known until you have to restore from it: you need to know if it's going to save you if something happens," said Gillespie.

"Sometimes people don't want to pay for IT in general, they don't want to pay for a storage safety net they might never use – but there are options and in the grand scheme of things it's better for you," he added.
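A restore test of the kind Gillespie describes, as an added example that is not part of the article: it backs up a constructed directory together with a SHA-256 manifest, restores the archive into scratch space and checks every file against the manifest, so the backup's state is known before it is needed. It assumes POSIX sh, GNU tar and sha256sum; the directory contents are constructed.

```shell
#!/bin/sh
# Restore test for an offline backup: back up a directory with a SHA-256
# manifest, restore it into scratch space and prove every file came back
# intact. Constructed example; assumes POSIX sh, GNU tar and sha256sum.
set -eu

# Build a small constructed source tree so the script runs offline.
make_sample_tree() {
    mkdir -p "$1/finance" "$1/hr"
    printf 'invoice 1001: 4,200.00\n' > "$1/finance/invoice.txt"
    printf 'name,role\nA. Person,analyst\n' > "$1/hr/staff.csv"
}

# SHA-256 of every regular file under a directory, one line per file,
# sorted so two manifests of the same content compare equal.
manifest_of() {
    ( cd "$1" && find . -type f | sort | xargs sha256sum )
}

# Take a backup: tar the tree into $2 and write the manifest to $2.sha256.
# Pass absolute paths: tar resolves the archive name before honouring -C.
take_backup() {
    tar -C "$1" -cf "$2" .
    manifest_of "$1" > "$2.sha256"
}

# The actual restore test. Extract the archive into a fresh scratch
# directory and compare the restored tree's manifest with the one
# recorded at backup time. Returns 0 only if the archive extracts and
# every file restored with the expected content; an unreadable archive
# or a content mismatch returns 1. The scratch directory is removed
# either way.
verify_backup() {
    archive=$1
    scratch=$(mktemp -d)
    status=1
    if tar -C "$scratch" -xf "$archive" 2>/dev/null \
       && [ "$(manifest_of "$scratch")" = "$(cat "$archive.sha256")" ]; then
        status=0
    fi
    rm -rf "$scratch"
    return $status
}

# Stand-alone run: back up a constructed tree, then prove it restores.
demo=$(mktemp -d)
make_sample_tree "$demo/src"
take_backup "$demo/src" "$demo/backup.tar"
if verify_backup "$demo/backup.tar"; then
    echo "restore test passed: $demo/backup.tar"
else
    echo "restore test FAILED: $demo/backup.tar"
fi
rm -rf "$demo"
```

In practice the archive and manifest would live on the offline medium and the test would be scheduled, not run once by hand.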

If organisations secure their networks against attacks and ensure there are backups available if the worst happens, they don't have to pay the ransom – and if people aren't paying ransoms, cyber criminals will stop seeing ransomware as lucrative.

Maybe if these lessons are learned now, ransomware won't be plaguing businesses over the next 30 years – but unfortunately, it's likely to get worse before it gets better.

www.vsoftsystems.co.za


South Africa will open to ‘most’ countries this week – and we’re one of the safest destinations in the world: minister


The cabinet’s decision to open the country’s borders on 1 October 2020 to “most” countries is a significant milestone in placing the sector on the irreversible path towards full recovery, says Tourism minister Mmamoloko Kubayi-Ngubane.

On this date, travel by all travellers from the African continent and from countries outside the African continent with a low rate of Covid-19 infection and transmission will resume.

Speaking at a World Tourism Day event on Sunday (27 September), Kubayi-Ngubane said South Africa’s data shows a downward trend in the risk of virus spread.

“South Africa is arguably amongst the safest tourist destinations in the world. We are hopeful that South Africans will continue to social distance, wear masks and take all the necessary precautions to protect themselves so that we can continue to reduce the spread of the virus,” she said.

Kubayi-Ngubane said that as part of the recovery, it will be critical for us to focus on protecting and rejuvenating the supply side of the market.

“The public and private sector will have to find ways of working together to ensure business continuity, aligning the value-chain to new biosecurity standards, as well as investment facilitation and market access,” she said.

“The rising domestic demand which will soon be augmented by the international market when we open the borders will have to be met by sufficient supply side infrastructure. This is a very critical element of our road to recovery.”

On the mend

Kubayi-Ngubane said that since government opened inter-provincial travel under level 2 lockdown, she has been travelling across the various provinces visiting establishments and meeting with travellers and establishment owners.

“I am happy to report that many of the establishments are ready to reopen if not already opened and South Africans are very keen to travel their own country,” she said.

“Across the country South Africans are sending me messages and pictures of their tourism experiences. South Africans are taking their families and friends to adventures, for game drives, hiking and other kinds of memorable tourism experiences that our country has to offer.

“After six months of lockdown, South Africans are going all out to rediscover their country.”

The minister said that the ‘vibrancy’ of the domestic tourism sector is in line with government’s recovery plan which envisages that a recovery will happen in phases.

“In this regard, we predicted that the recovery will start with domestic tourism, then regional land and air markets, and lastly, resumption of world-wide international travel,” she said.


Travel list

Transport minister Fikile Mbalula says that South Africa will adopt a risk-based system in selecting which countries will be allowed to travel into South Africa and which countries South African citizens will be allowed to fly to.

Mbalula said that government will largely adopt the same approach that was used before South Africa entered into a level 5 lockdown, with countries categorised as ‘high-risk’ or ‘low-risk’ for travel purposes.

“For instance, if you take the whole of the United States it will probably be high risk, and we will then deal with it as such. Whereas the UAE will likely be seen as a low-risk country,” Mbalula said.

The Transport minister indicated that the government will look at placing entire countries or regions on the high-risk list because of the possibility of connecting flights.

Using the example of the United States, he said it was possible for passengers to board and fly anywhere from New York, to Miami or Los Angeles. This means the country as a whole is treated as a risk.

However, he said that the government will also take a ‘differentiated approach’ and formulate its list on a country-by-country basis, based on the current coronavirus situation.

www.samigration.com


FG Commences Visa Processing on Reciprocity Basis

September 22, 2020 Nigeria News

The federal government has commenced visa processing on a reciprocity basis for applicants from countries that have reopened their international airspace and have begun issuing visas to Nigerian applicants.

The Consulate General of Nigeria in South Africa confirmed this development in a statement issued yesterday, saying the federal government has granted payment waivers to certain categories of visitors/migrants affected by travel restrictions introduced during the COVID-19 pandemic.

It said: “The Consulate General of Nigeria, Johannesburg, wishes to announce the recommencement of visa processing, on Reciprocity Basis, for applicants from countries that have reopened their international airspace and have begun issuing visas to Nigerian applicants. In this regard, the federal government of Nigeria has granted payment waivers to certain categories of visitors/migrants affected by travel restrictions introduced during the Coronavirus pandemic.

“All visitors/migrants whose permits expired from March 23 to September 5, 2020, should provide evidence of confirmed return tickets scheduled to travel out of Nigeria to obtain a free extension to depart on or before September 15, 2020.

“All migrants whose permit/visitor’s pass expired before March 23, 2020, shall pay an Overstay Penalty for the number of days stayed before the lockdown on March 23, 2020.”

The Consulate General added that all resident migrants whose permits expired outside Nigeria from March 23, 2020, would be allowed entry into Nigeria with the expired permits on or before September 25, 2020.

It stressed that such returning holders of expired permits and their dependents are to renew the permits within 30 days of arrival in Nigeria to avoid sanctions under relevant immigration laws.

It said that all migrants who processed payments for visa on arrival and all other categories of visas from Nigerian Missions before March 23, 2020, are to apply for revalidation and upload a copy of previous payments not later than September 15, 2020.

The Consulate General said all migrants who obtained visa on arrival pre-approval letters and all categories of visas from Nigerian Missions before September 23, 2020, whose approval/visas expired before September 5, 2020, are also to apply for revalidation without making fresh payments, by uploading copies of the expired pre-approval letters/visas not later than September 15, 2020.

www.samigration.com


Emirates Airlines banned from operating in Nigeria

September 19, 2020 - Commercio


The UAE’s Emirates Airline has been banned from operating in Nigeria.

Emirates Airline has been added to the list of airlines which have been banned from operating in Nigeria. The ban will take effect from the 21st of September.

This was announced by the Minister of Aviation, Hadi Sirika in a social media statement on Friday.

“The PTF subcommittee met today with EU Ambassadors to discuss Lufthansa, Air France/KLM ban. The meeting progressed well. Emirates Airlines’s situation was reviewed & they are consequently included in the list of those not approved, with effect from Monday the 21st Sept 2020.” Sirika stated.

This comes as the UAE government has been accused of not renewing visas of Nigerians in Dubai, amid rumours of a visa ban for Nigerians applying for visas.

Last month, the UAE embassy in Nigeria denied there is a visa ban on Nigerians entering the Middle Eastern country. They said: “At the onset of the COVID-19 pandemic, the UAE took a number of precautionary measures to combat the virus’ spread, including the temporary suspension on issuing UAE visas for all nationalities as of March 17, 2020.

After entering the recovery phase of the pandemic, the UAE eased some measures on July 7, permitting visitors from various countries to adhere to the necessary precautionary measures, including by showing negative PCR test results within 92 hours of travelling to the UAE. This includes those visiting from Nigeria.”

www.samigration.com


Here are the official level 1 lockdown rules for South Africa – including opening borders and limits on gatherings

Business Tech - 23 September 2020

Cooperative Governance and Traditional Affairs (Cogta) minister Nkosazana Dlamini-Zuma has published a series of directives which outline the country’s move to a level 1 lockdown and the new rules that are in place.

In the first directive, Dlamini-Zuma confirms that the country will move to a level 1 lockdown from 00h01 on Monday morning (21 September).

In the second directive, the Cogta minister provides more clarification on the changes announced by President Cyril Ramamphosa in his national address on Wednesday evening.

The biggest changes are outlined in more detail below.

Re-opening of borders 

From 1 October 2020, travel by all travellers from the African continent and from countries outside the African continent with a low rate of Covid-19 infection and transmission will resume.

This will be subject to:

  • The traveller providing a valid certificate of a negative test which was obtained not more than 72 hours before the date of travel; and
  • In the event of the traveller’s failure to submit a certificate as proof of a negative test, the traveller will be required to quarantine at his or her own costs.

To temporarily control entry into South Africa from countries outside the African continent, the relevant cabinet members shall, after consultation with the cabinet member responsible for health, determine in directions:

  • Criteria for controlling entry into the Republic, from such countries with a high Covid-19 infection and transmission rate;
  • The list of such countries with a high Covid-19 infection and transmission rate, which list may, from time to time, be amended.
  • International travel from countries listed as having a high Covid-19 infection and transmission rate, will remain prohibited except for business travel which may be allowed with the approval of the Cabinet member responsible for home affairs.

All commercial seaports will be opened but international air travel is restricted to the following airports:

  • OR Tambo International Airport;
  • King Shaka International Airport; and
  • Cape Town International Airport.

The list of high risk and safe countries is still to be finalised. It will be published by the respective department, before travel opens up on 1 October, Dlamini-Zuma said.

The minister said the list will be changing as new data becomes available, and won’t be a one-off. Long-term visas will be activated from 1 October.

Gatherings 

Every person, when attending a gathering, and in order to limit exposure to Covid-19, must:

  • Wear a face mask;
  • Adhere to all health protocols;
  • Maintain a distance of at least one and a half metres from each other; and
  • Adhere to any other health protocols and social distancing measures as provided for in directions issued by the relevant cabinet member after consultation with the cabinet member responsible for health.

In addition, an owner or operator of any indoor or outdoor facility where gatherings are held must display the certificate of occupancy which sets out the maximum number of persons the facility may hold.

The directive also outlines the following rules for specific gatherings, provided that no more than 50% of the capacity of the venue is used, with persons observing a distance of at least one and a half metres from each other.

Other notable rules include:

  • Gatherings at faith-based institutions are limited to 250 persons or less in case of an indoor gathering and 500 persons or less in case of an outdoor gathering;
  • Gatherings at social events are limited to 250 persons or less in case of an indoor gathering and 500 persons or less in case of an outdoor gathering;
  • Gatherings at political events and traditional council meetings are limited to 250 persons or less in case of an indoor gathering and 500 persons or less in case of an outdoor gathering;
  • Gatherings at conferences and meetings are limited to 250 persons or less in case of an indoor gathering and 500 persons or less in case of an outdoor gathering. Provided that persons participating through electronic platforms are not included in these limitations;
  • Gatherings at a workplace for work purposes are allowed;
  • Gatherings for recreational purposes at cinemas, theatres, concerts and live performances are limited to 250 persons or less in case of an indoor gathering and 500 persons or less in case of an outdoor gathering;
  • Gatherings at casinos are limited to not more than 50% of the capacity of the venue, with persons observing a distance of at least one and a half metres from each other.

Alcohol sales

The sale of liquor is permitted:

  • By licensed premises for off-site consumption, from 09h00 to 17h00, Mondays to Fridays, excluding weekends and public holidays;
  • By licensed premises for on-site consumption, subject to strict adherence to the curfew.

Funerals 

Attendance at funerals is limited to 100 persons or less:

  • Provided that not more than 50% of the capacity of the venue is used, with persons observing a distance of at least one and a half metres from each other.
  • Night vigils are not allowed.
  • During a funeral, a person must wear a face mask and adhere to all health protocols and social distancing measures.

Curfew

Every person is confined to his or her place of residence from 00h01 until 04h00 daily, except where a person has been granted permission for work purposes or is attending to a security or medical emergency.

Masks 

  • A person must, when in a public place, wear a face mask, except when undertaking vigorous exercise; and
  • A person may not be in a public place, use any form of public transport, or enter a public building, place or premises without wearing a face mask.

Closed to the public and exclusions 

The following areas remain closed and/or are specifically excluded under the country’s level 1 lockdown:

  • Night vigils;
  • Night clubs;
  • The 35 land borders that remain closed;
  • Initiation practices;
  • Passenger ships for international leisure purposes;
  • Attendance of any sporting event by spectators;
  • International sports events;
  • Exclusions relating to certain public transport services;
  • Exclusions relating to certain education services.

www.samigration.com