Ransomware is on the rise in Kenya – and what to do about it

The first time I became aware that ransomware had become a major ‘thing’ in Kenya was last year when a friend of mine who works in the IT department of a well-known business called me in a panic when their servers had been compromised and mission critical files had been encrypted – thanks to a ransomware attack. Up until that point, I was under the impression that this sort of thing didn’t happen here? Guess what, it does!

My friend wanted to know if I could find an ethical hacker who could decrypt their files or else they would need to pay millions of shillings to have the ransomware disabled. As it turned out, they had no choice but to pay this hefty ransom using bitcoin to restore their business operations. Indeed, such cyberattacks are becoming increasingly common in Kenya and the rest of Africa as we become more digitally connected across the board.

To put things into context, ransomware installs covertly on a victim’s mobile device, computer or network and can then mount an extortion attack that holds data hostage, or an attack that threatens to publish sensitive data, until a ransom is paid. Malware encrypts files, making them inaccessible, and demands a ransom payment to decrypt them.

Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file. I saw a demonstration of exactly how this is done late last year in Nairobi during a presentation by a team from Mimecast, an email security company that is growing its presence in Kenya. It was truly scary stuff and the sad part is that most of us are clueless that over 90% of cyberattacks originate from email which is often the entry point for ransomware and other forms of cyberattacks.

To get a sense of how bad things have become, the 2016 edition of the Kenya cyber security report by Serianu estimates that US$ 175 million was lost through cybercrime. In the same report, it was also noted that the largest contributor of direct losses from cybercrime in Kenya is insider threat.

Insider threats happen when employees, former employees, and other parties initiate malicious cyberattacks on a business due to their intimate knowledge of its technology systems. Insider threats involve fraud, theft of confidential or commercially valuable information, theft of intellectual property, or the sabotage of technology systems. It is exactly in these scenarios that incidences of ransomware flourish.

For many businesses in Kenya, given the current state of cybercrime affairs, it is essential to seek solutions that will protect them from the ransomware. Indeed, there are no protective barriers in an era of clouds, mobility, computing and apps which anyone can access easily. Thus, businesses must invest in building security frameworks that minimize the risks of social engineering attacks, including impersonation attacks like phishing, spear phishing and whaling.

One of the most important steps to be taken in protecting a business is to ensure that the workforce is adequately trained on the inherent risks from cyberattacks, how they happen, and how to stay safe from them. The human factor can be the weakest or strongest link and as such a well-trained workforce can be one of the major deterrents to cyberattacks on many levels – and especially where social engineering is concerned.

The second key step would be to ensure that business processes factor in the ever-evolving methods that cyberattacks use to infiltrate the network. This means well developed business processes can short circuit the very loopholes that tend to allow for social engineered cyberattacks to take place. If something does not follow the process it is then avoided by the intended victim(s).

The third step is to ensure that the technology systems in use in the business are up to date and consistent with current best practices where security is concerned? This means that the business must invest considerable resources – financially and otherwise on solutions that can address the risks. Mimecast is one of the companies that offers an end-to-end cloud-based approach to email security and based on what I saw in their demonstration last year.

The last step is to ensure that a business is protected is that the senior leadership is on-board in understanding what is at stake and being fully invested in protecting business assets from cyberattacks. This sort commitment means staying up to date in terms of the latest trends and the business processes as well as people-centered activities that can maintain a secure organization across the board from cyberattacks. In taking this approach, businesses then have the peace of mind that leadership is in the driving seat in managing risks of any kind.


Previous post

Liquid Telecom Acquires Major Stakes In Tanzania's Raha and South Africa's Neotel

Next post

Kenya hits 163% e-commerce growth ahead of Valentine’s Day


  1. Ali
    February 15, 2017 at 7:48 pm — Reply


    This is a timely topic ! Many people don’t realize that they have to take responsibility for their on line safety and security. One can NOT and should NOT trust others with the security of their data regardless whether it is personal or business.

    Many people blindly click on emails from people they do not know and open attached links which is how most of these trojans are installed on their computers.

    It is also important to regularly perform security updates on your computer and back up your data DAILY !! This is VERY IMPORTANT and actually the cheapest way to recover from a trojan attack .

    I have a friend who works from home and was also a victim of these trojan attacks. Lucky for him I had set up an automatic backup remotely off site for him as he is an older person and technically challenged. So when he called me in a panic as he had been asked to pay thousands of dollars in ransom. I told him to ignore the ransom as we had back ups and we could restore his system.

    Obviously now you understand why he insists on buying lunch whenever we go some where now 🙂

  2. March 3, 2017 at 10:57 am — Reply

    Great topic!
    I also agree with Moses; since this ransomware is like being perfected on every passing day with these malicious guys a LOCAL based, automated, cloud backup is the best alternative plan in the event that you lose your data; DataBank (databank.co.ke) solution is just one of those Kenyan solutions.

  3. Samuel Wachira
    March 9, 2017 at 9:16 am — Reply

    Malware has taken another form, and Anti-Virus is not enough. There are three major approaches that would reduce the instances of attack and also help detect and respond to these attacks:
    1. Patching the Operating system:- Even Mac and Linux based O/S need to be patched. Kenyans, however, find the process tedious, as there are simply too many patches, and the patches themselves are too large.
    2. Upgrade to the latest Systems: – O/S’s such as Windows 10 bring its own threat protection, while Windows XP and Vista are out of support. Invest in new Behaviour-based anomaly based systems, and IDS, IPS technologies to secure your environment.
    3. The cloud: How now you ask? Cloud technologies allow you to abstract data from your environment, meaning that your data is safe elsewhere. Cloud providers pride themselves on the ability to keep your data safe, an have invested in technologies to ensure the data, and their reputation, is not tarnished.

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.