Tag: Ransomware

  • International Agencies Halt Infamous LockBit Ransomware Operations

    Law-enforcement agencies have infiltrated and disrupted LockBit, a prolific ransomware syndicate behind cyberattacks around the world, Britain’s National Crime Agency said Tuesday.

    The agency said it led an international operation targeting LockBit, which provides ransomware as a service to so-called affiliates who infect victim networks with the computer-crippling malware and negotiate ransoms. The group has been linked to thousands of attacks since 2019.

    Hours before the announcement, the front page of LockBit’s site was replaced with the words “this site is now under control of law enforcement,” alongside the flags of the U.K., the U.S. and several other nations.

    The message said the website was under the control of the U.K.’s National Crime Agency “working in close cooperation with the FBI and the international law enforcement task force, Operation Cronos.”

    It says it is an “ongoing and developing operation” that also involves agencies from Germany, France, Japan, Australia, New Zealand and Canada, among others, including Europol.

    LockBit, which has been operating since 2019, has been the most prolific ransomware syndicate two years running. The group accounted for 23% of the nearly 4,000 attacks globally last year in which ransomware gangs posted data stolen from victims to extort payment, according to the cybersecurity firm Palo Alto Networks.

    A rare offensive cyber-operation for the U.K. crime agency, the operation aimed to steal all of LockBit’s data and then destroy its infrastructure, causing a “significant major degradation” of the cybercrime threat.

    LockBit is dominated by Russian speakers and does not attack former Soviet nations. The syndicate provides clients with the platform and the malware to conduct attacks and collect ransoms.

    ‘The Instagram of ransomware’

    It has been linked to attacks on the U.K.’s Royal Mail, Britain’s National Health Service, airplane manufacturer Boeing, international law firm Allen and Overy and China’s biggest bank, ICBC.

    Last June, U.S. federal agencies released an advisory that attributed about 1,700 ransomware attacks in the United States since 2020 to LockBit and said victims included “municipal governments, county governments, public higher education and K-12 schools, and emergency services.”

    An NCA official called LockBit “the Instagram or Rolls-Royce” of ransomware and said the aim of the operation was to discredit the syndicate and “obliterate their reputation.”

    “Attacking the brand is as important as attacking the infrastructure,” said an NCA official, adding that the goal of the operation was to “sow distrust amongst all the criminal users, shatter their credibility.”

    Ransomware is the costliest and most disruptive form of cybercrime, crippling local governments, court systems, hospitals and schools as well as businesses. It is difficult to combat as most gangs are based in former Soviet states and out of reach of Western justice. Law enforcement agencies have scored some recent successes against ransomware gangs, most notably the FBI’s operation against the Hive syndicate. But the criminals regroup and rebrand.

    Britain’s National Cyber Security Centre has previously warned that ransomware remains one of the biggest cyber threats facing the U.K. and urges people and organisations not to pay ransoms if they are targeted.

    (AP)

  • Data Breach: Kenya Airways Hacked, Sensitive And Confidential Files Leaked

    Kenya Airways appears to have been hit by a cyberattack by the Ransomexx ransomware group on December 30, 2023, leading to a massive data leak that included highly sensitive and confidential data, which the group uploaded to the dark web.

    The airline, which plays a crucial role in connecting African nations to the rest of the globe, now suffers the aftermath of a targeted cyberattack that has exposed sensitive information, posing significant challenges to its operations and reputation.

    The data leak allegedly started when Kenya Airways fell victim to a sophisticated cybercriminal attack by the Ransomexx group. These hackers are notorious for targeting various organisations worldwide.

    The leaked documents cover aircraft accidents and investigation reports into employee misconduct such as fraud, theft and policy violations.

    A huge volume of internal Kenya Airways data was compromised, including insurance policies, confidential agreements, passwords, customer complaints and alleged sexual harassment incidents. The exposed files also contain files relating to accidents, with documents named ‘Accident docs’, ‘Accident investigations’, ‘Accidents’, ‘Air Accident Investigations’, and ‘Investigation Reports.’

    The leak also contains details of politically exposed people. This has dealt a blow to Kenya Airways for failing to secure customers’ data and for exposing the airline to cybercriminals. The breach could also enable theft and fraud using the leaked employee and customer data.

    Last year in April, retail chain Naivas was hit with a similar cybersecurity breach that resulted in the exposure of crucial customer data. According to the government, the criminal group was able to transfer 611 GB of personal data.

    The Naivas attackers obtained information from the retailer’s customer loyalty program. The illegally transferred data included names, phone numbers, and email addresses.

    Under the law, a cyberattack of this kind must be reported within 72 hours of discovery. However, Naivas did not report the breach as required. As a result, Data Commissioner Immaculate Kassait said the local supermarket chain was to be fined up to KES 5 Million.

    It remains unclear whether Kenya Airways has informed the Office of the Data Protection Commissioner Kenya of the incident.

    What Are Ransomware Attacks?

    Ransomware is a type of malware designed to deny an individual or an organization access to their files. Attackers gain access to the files on a computer or shared server and encrypt them, denying a user or organization access to their data. They then demand a ransom payment in exchange for the decryption key, with the payment often made through cryptocurrency. In some cases, such as the Naivas and KQ ransomware attacks, they include an element of data theft, providing greater incentive for victims to pay the ransom. In a previous Kenya Airport Authority (KAA) attack, the attackers demanded Ksh67.6 million while threatening to release the data, but KAA termed the data breach insignificant while failing to pay up.

    Ransomware today is one of the most prominent types of malware. Across the world, attackers are targeting organizations including dating apps, ecommerce platforms, hospitals, insurers and medical companies and holding sensitive data hostage.

    Kenya National Bureau of Statistics (KNBS) data indicates that cybersecurity advisories issued to companies increased by 3,693 percent from 81,727 in 2020 to 3.1 million advisories in 2021. The adoption of improved detection technology played a part.

    Total cyber threats rose by 142 percent from 139.1 million to 339.1 million over the same period. Of the cyber threats reported, system vulnerabilities rose from 114,675 in 2020 to 58 million in 2021. Reported botnet/DDoS threats also increased from 4.1 million in 2020 to 92.1 million in 2021.

    The consistent increase in attacks has been attributed to the growing number of cyber threat actors such as hacktivists, state-sponsored groups, organized cybercriminals, and cyber terrorists.