28 June 2017

Kenya: CA Advises Public, Organizations On Preventive Measures for Petya Ransomware Attack

Communications Authority of Kenya (CA), through the National Kenya Computer Incident Response Team Coordination Centre (National KE-CIRT/CC), has received reports of a ransomware attack dubbed "Petya" and is advising the public and organizations to put in place several preventive measures.

The malicious software has spread through large firms including the advertiser WPP, food company Mondelez, legal firm DLA Piper and Danish shipping and transport firm Maersk, leading to PCs and data being locked up and held for ransom. Petya spreads rapidly through networks that use Microsoft Windows.

"The ransomware virus, is similar to the WannaCry ransomware virus that massively attacked computers across the world in May this year. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee restoration of access," said Director General, Communications Authority of Kenya, Mr. Francis Wangusi in a statement.

The Authority is, therefore, advising the public and organizations to put in place the following preventive measures:

i. Ensure that you keep an up-to-date back up of your important computer files offline. This will ensure that in the event your computer is attacked, you can restore your files from the backup.

ii. Ensure that your computer's Operating System (OS) is updated. This is especially for users running the Windows operating system in their computers, which is the main target of this particular cyber attack.

iii. Ensure that your anti-virus is up-to-date.

iv. Avoid clicking on links or opening attachments or emails from people or sources you don't know or companies you don't do business with.

v. Be alert when opening emails especially if they contain links or attachments. You should also take special attention of any email attachment that advises you to enable macros to view its content. Unless you trust the source, do not enable macros and instead delete the email immediately and permanently.

Petya first appeared this morning and has been spreading around the world, mainly infecting businesses and government agencies and departments in the Ukraine and Russia, but there have been increasing reports of businesses in other countries also being compromised, with reports filtering in from the US, UK, Germany, Switzerland and Holland, as some examples.

Once infected, the virus encrypts each computer to a private key, rendering it unusable until the system is decrypted. The program then instructs the user to pay the $300 ransom to a static Bitcoin address, then email the bitcoin wallet and personal ID to the email address, which is now blocked.

There is some confusion over the origins and nature of Petya, with some reports suggesting there are similarities to WannaCry and that it utilizes the #ETERNALBLUE SMBv1 worm functionality.

More work is needed to investigate the way the virus propagates; in the meantime businesses are urged to ensure their software is up-to-date and all files backed up.


Outrage at Amina Mohamed's Ban on School Visiting Days

Kenyan exams have in the past been marred with rampant cheating. Teachers, learners and security guards have ended in… Read more »

See What Everyone is Watching

Copyright © 2017 CIO East Africa. All rights reserved. Distributed by AllAfrica Global Media (allAfrica.com). To contact the copyright holder directly for corrections — or for permission to republish or make other authorized use of this material, click here.

AllAfrica publishes around 800 reports a day from more than 140 news organizations and over 500 other institutions and individuals, representing a diversity of positions on every topic. We publish news and views ranging from vigorous opponents of governments to government publications and spokespersons. Publishers named above each report are responsible for their own content, which AllAfrica does not have the legal right to edit or correct.

Articles and commentaries that identify allAfrica.com as the publisher are produced or commissioned by AllAfrica. To address comments or complaints, please Contact us.