17 May 2017

Kenya: Ransomware Hits 14 Servers in Kenya


Since Friday last week, a wave of unprecedented cyberattacks has swept across the globe, with over 350 companies and hundreds of thousands of computers in 152 countries affected by Wednesday morning.

The attack by a computer worm or ransomware called WannaCry (Wanna Decryptor) targets the Microsoft Windows operating system, encrypts files and demands that the user pay ransom before being allowed to continue using the computer.


On Tuesday, computer forensics and data recovery company East Africa Data Handlers said it had received 14 cases of servers that had been affected by the ransomware.

Among these clients are two multinationals, which had their entire 15 years of data manipulated and lost.

Managing Director George Njoroge said the company has been able to fix and restore the servers for five of the companies but admitted that it was unable to fix those from two other firms.

"The malware has different variations and sometimes the companies come with the complaint when it has already been manipulated even more," Mr Njoroge said.

The data recovery, he said, is costly and takes time, and that may interfere with the smooth running of businesses.


The existence of the malware in the country has been confirmed by the country's cybersecurity response agency, the National Kenya Computer Incident Response Team Coordination Centre, or KE-CIRT-CC.

Mr Njoroge warned that many companies in the country are at risk of being attacked by the ransomware.

"The biggest problem is that companies and individuals don't upgrade their security infrastructure, mostly because of the current economic challenges," he said, adding that the best solution is to keep pace with the dynamic changes in technology.

He advised companies to completely switch off affected computers and isolate them from the network immediately after they discover they have been attacked by the malware, and to call in experts to remove the programme.

"Computer users should also avoid opening links whose sources they do not know as the main carrier of the malware is phishing," he said.

Phishing scams are sent through emails appearing to be from genuine and famous companies with the aim of acquiring information and installing malicious software.


Mr Njoroge urged companies to back up their data and block certain untrusted websites from their servers.

Simon Kipruto, the head of the cybercrime unit at the Directorate of Criminal Investigations, said no company or individual had reported a cyberattack, adding that most companies choose to solve such problems without reporting them to the police.

Globally, companies that had been affected by the attack told the media that the attackers demanded that they pay ransom in the cryptocurrency Bitcoin.

The ransomware works by encrypting files and making them inaccessible and unreadable, before asking the user to pay a specific amount of money in order to access their own data.

The frozen-screen warnings are much the same as those that started in Britain and spread across the world, reports Charlie D'Agata, a correspondent for America's CBS TV network.

The "WannaCry" malware programme that has held the globe in the grip of fear was first uncovered in documents stolen from the US National Security Agency, exposing a vulnerability in Microsoft's operating systems.


So far, the attack has affected big users such as Britain's National Health Service, FedEx, transport company Deutsche Bahn and airline company Latam.

On Sunday, Kenya's Communications Authority (CA) warned about the attack, which is spread through e-mail phishing, and asked users to exercise caution.

The authority also urged Kenyans to keep an offline backup of their documents and files so that they can restore them in case they are attacked.

CA Director-General Francis Wangusi, while discouraging people from paying ransom as there is no guarantee the files would be restored, said once the attack hits one computer, it tries to spread to all computers in the network.

He urged organisations and individuals to ensure that they have good and updated anti-virus programmes installed on their computers to safeguard their data from the malicious software.


Copyright © 2017 The Nation. All rights reserved. Distributed by AllAfrica Global Media (allAfrica.com).
