With the POPIA deadline looming, it is essential for all businesses to take action and ensure that they meet the criteria for POPIA compliance. Your business needs to be POPIA compliant not only for the sake of internal data protection, but also because of the penalties involved if it is found not to be compliant after 1 July 2021.

The POPI Act sets forth eight conditions for the lawful processing of personal information. These conditions address how organizations demonstrate accountability for ensuring they respect the privacy of individuals in South Africa.

The Act regulates how this information is collected, stored, processed, and shared. Although the Act was signed into law in 2013 and certain sections of the Act went into effect in 2014, these effective sections pertained to the establishment and appointment of the Information Regulator. Once the sections of the Act that place obligations on organizations to ensure the lawful processing of personal information begin, organizations will have one (1) year following that date to comply with the Act’s provisions.

There are essentially two legal penalties or consequences for the responsible party:

  1. A fine of between R1 million and R10 million, or imprisonment of one to ten years.
  2. Paying compensation to data subjects for the damage they have suffered.

It is very unlikely that anyone will go to jail and the fines are small compared to other jurisdictions. The other penalties include:

  • Reputation damage
  • Losing customers (and employees)
  • Failing to attract new customers

But your main motivation for complying with the Protection of Personal Information Act (POPIA) should be to protect people from harm.

Infraplex has POPIA packages available to help your business become compliant before the POPIA deadline. Our POPIA packages follow a four-step solution:

Consultation

The first step to becoming compliant is setting up a consultation with a compliance agent. This one-on-one consultation will allow us to get to know you and your business.

Assessment

The assessment process allows us to see what your business currently is and is not compliant with. This involves analysing your internal data storage and processes to determine your current level of legal compliance.

Appointment

In order to gain and maintain your business compliance, we will be required to appoint a compliance officer within your business to monitor your compliance and ensure that processes are performed in accordance with the law.

Solution

Once your current compliance needs have been established, we will then offer your business the correct products and security solutions to maintain compliance.


Visit compliance.infraplex.net for more information on getting your business compliant.

In South Africa’s current climate, we are constantly surrounded by criminal threats and our first line of defense is to pick up the phone and call for help.

But what number do you call?

We have compiled a list below for you to print and stick on your fridge so that in the event of an emergency, these numbers are nearby.

| Emergency | Provider | Number |
| --- | --- | --- |
| All | Mobile network operator emergency call centre | 112 |
| Crime | SA Police Service | 10111 |
| Medical | Government | 10177 |
| | ER24 | 084 124 |
| | Netcare | 082 911 |
| Accidents | Arrive Alive | 0861 400 800 |
| Fire | Fire Department | 998/999 |
| Poisoning | Bloemfontein region | 082 491 0160 |
| | KwaZulu-Natal region | 080 033 3444 |
| | Red Cross | 021 689 5227 |
| | Tygerberg region | 021 931 6129 |
| Mountain rescue | Gauteng | 074 125 1385 / 074 163 3952 |
| | KwaZulu-Natal | 031 307 7744 |
| | Western Cape | 021 948 9900 |
| Self-harm or suicidal thoughts | Life Line | 0861 322 322 |
| | SADAG Mental Health Line | 011 234 4837 |
| | Suicide Crisis Line | 0800 567 567 |
| Child abuse | Childline | 0800 05 55 55 |
| Domestic abuse | Gender-Based Violence Command Centre | 0800 428 428 / 0800 150 150 |

 

Telegram has a feature that lets you import messages from WhatsApp, allowing users to migrate entire chat histories from WhatsApp to Telegram.

This new feature relies on WhatsApp’s “export chat” function, which lets you export the messages in a conversation as a text file. You can also export the photos, videos, audio, and contacts in a conversation.

It isn’t possible to move all of your conversations from WhatsApp to Telegram at once this way. You have to go into each of your contacts and groups, and export all of your chats one by one.

Before deciding whether to transfer all of your WhatsApp messages to Telegram, it is important to know how Telegram will be storing those messages.

Telegram “cloud chats” vs. WhatsApp store-and-forward

When you send a message over WhatsApp and Signal, it is encrypted on your phone and sent to one of the platforms’ servers.

The message is then forwarded — in its encrypted state — to the person or group you are sending it to. Once delivered, the message is deleted from the server.

In other words, the unencrypted message only exists on your phone and on the phones of the people you sent it to.

Telegram has built its platform on an entirely different philosophy. By default, Telegram stores and keeps messages on its servers, along with the keys to decrypt them.

While Telegram does offer a “secret chats” feature that works similarly to WhatsApp and Signal’s end-to-end encryption, it is not possible to import your WhatsApp messages into a Telegram secret chat.

Telegram’s cloud chats have the benefit that you can log in to your Telegram account from anywhere and access all your messages without having to restore them from a backup.

However, it has a major drawback in that you have to trust that Telegram will not read the contents of your messages, sell them, or monetise them in some other way in future.

Telegram’s privacy record

Telegram’s track record in this regard has been good so far.

It fought an attempt by the Russian government to force Telegram to hand over encryption keys which the Federal Security Service in Russia wanted to use to decrypt users’ messages.

The battle between Telegram and the Russian government ultimately led to the messaging service being banned in Russia.

This in turn led to a high-tech game of cat and mouse that saw Russian authorities blocking Internet Protocol addresses belonging to Amazon Web Services and Google in an attempt to prevent access to Telegram within Russia. Many local businesses were temporarily knocked offline as a result of the fight.

In an FAQ on its website, Telegram states: “To this day, we have disclosed 0 bytes of user data to third parties, including governments.”

WhatsApp cloud backups

To make an informed decision about the privacy and security risks of migrating your messages to Telegram, it’s also important to take WhatsApp’s cloud backup feature into consideration.

WhatsApp offers the ability to back up your messages through integrations with Google and Apple cloud storage services. iPhone users may back up their WhatsApp messages to iCloud, while Android users may use Google Drive.

It is possible to disable cloud backups and opt to manually back up your WhatsApp data.

Whether stored in the cloud or not, these backups are not protected by WhatsApp’s end-to-end encryption.

Backing up your WhatsApp messages to the Apple or Google cloud is, in principle, similar to exporting and uploading them to Telegram.

Apple, Google, and Telegram may use their own encryption to protect your messages, but they also hold the keys to decrypt them.

If you wish to use WhatsApp’s cloud backup feature, you must then decide whether you trust Apple or Google to keep your data safe and private.

Similarly, if you wish to migrate your messages to Telegram from WhatsApp you must decide whether you trust it to keep your conversations safe and private.

No quid-pro-quo

Another factor to take into account is that while WhatsApp has provided the option to export your messages, Telegram does not offer a similar feature in its mobile app.

The Telegram desktop client does have the ability to export all of your chats either as human-readable HTML or in JSON format.

However, it does not offer the same level of granularity or ease of use that WhatsApp currently does.

Comparison of WhatsApp, Telegram, and Signal

The following table compares the key features of WhatsApp, Telegram, and Signal.

Not covered here is the issue of the collection and monetisation of personally identifying information by instant messaging applications.

Your messages over free platforms like WhatsApp and Telegram may be encrypted and treated with respect, but that does not stop these platforms from gathering other data such as your usage patterns, contacts, and phone number.

For more on this, please read our earlier report: WhatsApp compared to alternatives Telegram and Signal.

WhatsApp’s updated privacy policy and terms of service were recently the subject of significant social media backlash, causing Facebook to delay the cut-off date to accept its new terms for using WhatsApp.

Telegram has also previously disclosed that it plans to roll out advertising in the large public broadcasting groups hosted on the platform. It will introduce its own ad platform rather than supporting and sharing user data with third-party ad platforms.

| Feature | WhatsApp | Telegram | Signal |
| --- | --- | --- | --- |
| End-to-end encryption | Yes (Signal Protocol) | Only in secret chats (MTProto) | Yes (Signal Protocol) |
| Group chats | Max. 256 people | Max. 200,000 people | Max. 1,000 people |
| Voice calls | Yes | Yes | Yes |
| Video calls | Yes | Yes | Yes |
| Group voice calls | Max. 8 people | Thousands of people | Max. 5 people |
| Group video calls | Max. 8 people | Not yet available | Max. 5 people |
| User ID | Phone number only | Phone number or username | Phone number only |
| Cloud storage / backups | Backups to Google or Apple servers available | Encrypted messages stored on Telegram servers. Telegram has keys to decrypt them. | None / Manual backups only |
| Open source encryption software | No — Possibly relicensed from GPLv3 libsignal-protocol | No | Yes |
| Open source client software | No | Yes | Yes |

Information sourced from My Broadband.

Energy expert Chris Yelland said South Africa experienced the worst load-shedding on record in 2020 and that he expects 2021 to be even worse.

Yelland said, “The reality is that Eskom’s energy availability factor (EAF), which is a measure of the availability of Eskom’s current fleet of power stations, is declining year on year.”

“The best thing that I think one can hope for is that Eskom could stabilise this energy availability factor at the current low levels,” said Yelland.

South Africa has already experienced seven days of load-shedding within the first three weeks of the year when demand was low.

As demand for electricity picks up, Eskom’s ageing power generation fleet will be under severe pressure, especially going into colder months.

The biggest problem is breakdowns. During the most recent bout of load-shedding, 14,748MW of capacity was unavailable due to unplanned maintenance, breakdowns, and outage delays. The lost capacity because of breakdowns dwarfed the 5,358MW which was unavailable because of planned maintenance.

The fact that most of the lost capacity is caused by unpredictable events makes it nearly impossible for Eskom to accurately forecast load-shedding. A good example is Eskom CEO Andre de Ruyter’s comments in May 2020 that their outlook for the winter season shows little to no load-shedding expected after the lockdown.

The table below shows the three-month outlook for load-shedding in South Africa.

Eskom load-shedding outlook

Possibility of stage 8 load-shedding

Power and mining expert Ted Blom recently said South Africa should brace itself for the worst year of load-shedding yet in 2021, with Stage 8 being a possibility.

He said Eskom is able to absorb around 11,000MW of electricity shortages before they have to implement load-shedding. Eskom’s outlook for the next three months shows a near-consistent unavailability of 20,000MW because of planned and unplanned outages. This will leave Eskom with a deficit of around 9,000MW, which Blom said can result in stage 6 or even stage 8 load-shedding.

Yelland is less pessimistic on Eskom’s load-shedding outlook, saying to expect stage 8 load-shedding is alarmist.

“You can’t write it off. But to say that we are heading for that is premature. But as I say, it’s not impossible, but I don’t think it’s likely,” Yelland said.

Eskom spokesperson Sikonathi Mantshantsha added that their maintenance plan makes provision for 14,000MW of breakdowns. “That will give us stage 2 or stage 3 load-shedding. In the worst-case scenario we have prepared for stage 4 load-shedding with 15,000MW of breakdowns,” he said.

“For stage 8 load-shedding to occur will require a lot of breakages of Eskom’s equipment – north of 20,000MW. We have not seen that.”

Eskom said they are not working towards a scenario where Eskom will have to implement stage 8 load-shedding, however if stage 8 is implemented, it will require longer shedding periods for South Africans to endure.

The looming resource situation

Yelland said he does not expect the problem of electricity shortages and load-shedding to improve in the short term. “Government procurements of new generation capacity, that means the so-called 2000 megawatts of risk mitigation IPP programme, is about to be adjudicated,” he said. “But then still, orders have to be placed and financial closure has to be achieved – that can typically take six months.”

After these processes, delivery must happen, construction must be done, and the new power must be connected to the grid.

Yelland said the government is touting the end of 2022 for this to happen, but he thinks it is very optimistic.

“I don’t think we can see any improvement before the end of 2022, perhaps even longer,” he said.

Compounding these challenges is that there is currently a leadership vacuum, which means people are not making decisions timeously. “I think there are some agendas within the regulator and within the Department of Mineral Resources and Energy that are trying to hold back the uptake of distributed renewable energy,” said Yelland.

“There are some internal political agendas that are trying to slow this uptake. This has to be addressed at the highest level.” Yelland said South African households and businesses should not rely on Eskom for their future electricity needs. Instead, they should invest in solar and generators to ensure they are not left in the dark when load-shedding hits.

Eskom load-shedding from 2007 to 2020

The table below provides an overview of the number of days of load-shedding and the amount of power shed since 2007.

| Year | Load-shedding (number of days) | Load-shedding (TWh) |
| --- | --- | --- |
| 2007 | 13 | 0.10 |
| 2008 | 44 | 0.77 |
| 2009 | 0 | 0.00 |
| 2010 | 0 | 0.00 |
| 2011 | 0 | 0.00 |
| 2012 | 0 | 0.00 |
| 2013 | 3 | 0.03 |
| 2014 | 17 | 0.29 |
| 2015 | 103 | 1.40 |
| 2016 | 0 | 0.00 |
| 2017 | 0 | 0.00 |
| 2018 | 15 | 0.22 |
| 2019 | 30 | 1.09 |
| 2020 | 52 | 1.27 |

Information sourced from My Broadband.

WhatsApp has updated its terms and conditions section to include further Facebook integration – including a requirement that app users share data with the company.

As WhatsApp is the central social point of communication within South Africa, it is essential that app users take a minute to understand these new privacy rules they are agreeing to.

In an in-app message sent to users this week, WhatsApp said that the changes will include:

  • Updates to WhatsApp’s service and how it processes your data;
  • How businesses can use Facebook hosted services to store and manage their WhatsApp chats;
  • How WhatsApp will partner with Facebook to offer integrations across Facebook Company products.

WhatsApp said that these changes will officially come into effect from 8 February. After this date, any user who has not agreed to the new terms will no longer be able to use the messaging service.


ArsTechnica reports that some of the data that WhatsApp collects includes:

  • User phone numbers;
  • Other people’s phone numbers stored in address books;
  • Profile names;
  • Profile pictures;
  • Status message including when a user was last online;
  • Diagnostic data collected from app logs.

Under the new terms, Facebook reserves the right to share collected data with its family of companies.

Facebook acquired WhatsApp for $19 billion in 2014. The company was founded by Jan Koum and Brian Acton who had previously spent 20 years combined at Yahoo.

More than two billion people in over 180 countries use the app, which is currently available as a free download.

Information provided by Business Tech Insider.

Get ready for new and exciting movies and TV Shows coming to Netflix and Showmax this week.

Miami Vice

Netflix

IMDb – 6.0


Left Behind

Showmax

IMDb – 6.5


The Lost World: Jurassic Park

Netflix and Showmax

IMDb – 6.6


Spirit: Stallion of the Cimarron

Showmax

IMDb – 7.2


Pieces of a Woman

Netflix

IMDb – 5.4


The Post

Showmax

IMDb – 7.2


Split

Netflix and Showmax

IMDb – 7.3


Vikings – Season 6

Showmax

IMDb – 8.5


History of Swear Words – Season 1

Netflix

IMDb – 6.6


Brooklyn Nine-Nine – Season 7

Showmax

IMDb – 8.4


Information courtesy of My Broadband.

The holidays bring lots of free time to spend with your family, and of course the task of keeping your children busy and entertained.

We have included 15 child friendly shows that are available on Showmax to keep your kids entertained.

If you are looking to turn your TV into a smart TV and subscribe to Showmax, call us on 010 590 8856.

So here are some of the top-rated and most popular kids’ shows on Showmax that you can download for your kids to watch offline later – while you’re travelling, at your remote holiday house or at Granny and Grandpa’s house where there’s no Wi-Fi.

Endlings

In the not too distant future, the last African elephant has just disappeared. Meanwhile, in Canada, an alien craft crashes on the farm home of four foster children.

Inside is an alien who crosses the galaxy collecting Endlings, the last creatures of their kind. The kids embark on a series of conservation adventures.

 


Abby Hatcher: Monster Catcher

This sweet series for younger kids follows energetic seven-year-old Abby Hatcher and her friends, the Fuzzlies, crazy creatures that live in her family’s hotel.

With her best friend Bozzly, she goes on wild adventures, trying to fix all the mishaps caused by Fuzzly mischief.

 


Cocomelon

Quiet time for toddlers is taken care of with this sweet show that teaches little kids letters, numbers, colours and more through songs and animation.

There’s a recurring cast of characters to get to know, from cute farm animals to inquisitive baby JJ and his caring family.

 


Paw Patrol Mighty Pups Special

When a mysterious meteor crash lands in Adventure Bay, the Paw Patrol pups gain special powers.

These really come in handy as they have to race against time to rescue Ryder and save the day.

 


Paw Patrol S1-2

Ryder and his pup pack, including firefighter-in-training Marshall and wannabe police-dog Chase, spring to action to save the day in Adventure Bay.

Whenever you’re in trouble, just yelp for help!

 


The Gruffalo 

Julia Donaldson and Axel Scheffler’s classic tale comes to life in a delightful animation featuring some top British talent.

Also on Showmax are The Gruffalo’s Child, Room on the Broom, Stick Man, The Highway Rat and The Snail and the Whale.

 


Pablo S1-2 

Pablo may have autism, but that doesn’t stop him from tackling the world. With the help of his imaginary friends, who he creates with his crayons, he learns that he can handle whatever comes at him.

 


Find Me in Paris S1-2

Lena the ballerina is on the cusp of fame in the year 1905 – until her boyfriend gives her an old family necklace that transports her to the 21st Century.

While trying to find a way back home, she learns how to fit into the modern world – and realises that she might not want to go back at all.

 


Revolting Rhymes 

Roald Dahl’s hilarious twists on classic fairy tales were brought to life by Cape Town-based Triggerfish Animation in collaboration with Magic Light Pictures in this delightfully gory series that was nominated for an Oscar and won 15 major international awards.

 


Guess How Much I Love You S1-2

Big Nutbrown Hare and his son Little Nutbrown Hare live happily together and always look for different ways to show their love for each other. Illustrated in beautiful watercolours, this is an inspiring and entertaining show.

 


Adventure Time S1

Finn and Jake are the heroes of Ooo, a land filled with quests and monsters to be vanquished.

Whether it’s the evil Ice King or doing an errand for the lovely Princess Bubblegum, there is always a new adventure waiting for them.

 


Regular Show S1

Mordecai wants to do a good job as a groundskeeper, but he’s lazy.

Rigby, his pal, is always looking for trouble – and trouble is what they find. How these guys aren’t fired yet is anyone’s guess…

 


Peppa Pig Special: Christmas Party

It’s Christmas in the Pig household and everyone is invited for a great big party! Who will show up and what gifts will they bring? And is there a chance we’ll see Santa Claus himself?

 


A Garfield Christmas Special

Garfield has to survive a Christmas on the farm with Jon’s family. And everyone on the farm wants to be active!

Fortunately, there are plenty of naps and good food to help him cope.

 


Nella the Princess Knight

Nella isn’t your average princess. She is a princess-knight and with the support of her friends solves problems around her kingdom.

No matter what happens, Nella stays true to herself.

Information provided by My Broadband.

Infraplex, in association with Sophos, brings you the Ransomware Hall of Infamy, a collective case study of the most controversial and fascinating ransomware cases in history. Infraplex, as a telecommunications provider, has embarked on a mission to educate and grow with the modern users of the day: not only to provide quality products and services, but also to teach our audience about online safety.

Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. This is a collection of the most infamous cases in ransomware history.

Case 1: The AIDS Information Trojan.

The AIDS Trojan, also known as the PC Cyborg virus, was the first ever ransomware virus documented. … The AIDS trojan was created by a biologist Joseph Popp who handed out 20,000 infected disks to attendees of the World Health Organization’s AIDS conference.
“Popp’s malware was delivered in a fairly unorthodox manner, with the internet still being in its infancy. Popp mailed every victim an infected floppy disc, labeled as “AIDS Information Introductory Diskette,” using hijacked mail subscriber lists to the World Health Organization AIDS conference and PC Business World magazine in December 1989.
The software contained a questionnaire about the AIDS virus, disguising itself as a survey. The disc was stamped with a logo for the “PC Cyborg Corporation.”
In reality, the floppy disk would deliver its payload of encryption malware onto the computer, making it one of the earliest pieces of Trojan malware.” -Lessing
(For more on this case study, visit https://www.sdxcentral.com/security/definitions/case-study-aids-trojan-ransomware)

Case 2: Cryptolocker

Cryptolocker is a type of ransomware virus that infects your computer and secretly encrypts office documents, images, and other important files. Once the files are infected, you will receive a message, or “ransom note,” explaining you cannot access your files unless you pay a “fine.”

The files become encrypted and not even antivirus software can help. Once the files are locked, it’s impossible to recover them.

“The most common method of infection is via emails with unknown attachments. Although the attachments often appear to be familiar file types such as *.doc or *.pdf, they in fact contain a double extension — a hidden executable (*.exe).

Once opened, the attachment creates a window and activates a downloader, which infects your computer. Because the program is a Trojan, it cannot self-replicate, meaning it must be downloaded to infect your computer. In addition to malicious email attachments, this malware may also come from websites that prompt you to download a plug-in or video player. Typically, you will see nothing wrong with your computer until all files have been encrypted. Then, a warning will pop up indicating that you have been infected and showing a countdown timer until all your data is destroyed.

Many antivirus programs can remove this Trojan, but are unable to decrypt your data. In some cases, users have re-installed the Trojan after removal in order to pay the ransom and unlock their data.” – Kaspersky

Techopedia notes that while the malware itself is not difficult to remove, the affected files remain encrypted. At the time of the initial outbreak, users without reliable backups had the choice of paying the ransom — and hoping that those behind the infection were honest enough to actually decrypt the affected files — or simply accepting their data as lost. However, there are now online tools that claim to have the ability to decrypt files that have been encrypted by CryptoLocker.
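The double-extension disguise described in the Cryptolocker case can be caught at the mail gateway or help desk by inspecting attachment filenames. The following is an added example, not code from Kaspersky or Infraplex; it generalises beyond the *.doc, *.pdf and *.exe named above to other common decoy and executable extensions and to whitespace padding, and the extension lists and sample filenames are constructed assumptions.

```python
import re

# Assumption: illustrative extension lists, not exhaustive. The page names only
# *.doc, *.pdf and *.exe; the others generalise the same check.
DECOY_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".zip"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

# Constructed sample attachment names (not taken from any real campaign).
SAMPLE_ATTACHMENTS = [
    "Invoice_2013.pdf.exe",
    "report.v2.pdf",
    "statement.PDF          .scr",
    "setup.exe",
    "archive.tar.gz",
    "C:\\mail\\tmp\\photo.jpg.",
]


def inspect_attachment(filename):
    """Return a verdict dict for one attachment filename."""
    raw = re.split(r"[\\/]", filename)[-1]  # drop any directory part
    # Remove whitespace around dots and trailing dots/spaces so that
    # "a.pdf     .exe" is compared as "a.pdf.exe".
    base = re.sub(r"\s*\.\s*", ".", raw).strip().rstrip(". ").lower()
    exts = ["." + part for part in base.split(".")[1:] if part]
    final_ext = exts[-1] if exts else ""

    flags = []
    if final_ext in EXECUTABLE_EXTS:
        flags.append("executable")
        # A document-like extension in front of the executable one is the
        # disguise: the name reads as a document, the system runs a program.
        if any(ext in DECOY_EXTS for ext in exts[:-1]):
            flags.append("double-extension")
        # A long run of spaces pushes the real extension out of view.
        if re.search(r"\s{3,}\.\s*\w+\s*$", raw):
            flags.append("padded-extension")

    # What a file manager that hides known extensions would display.
    shown_as = base[: -len(final_ext)] if final_ext else base
    return {"name": raw, "final_ext": final_ext, "shown_as": shown_as, "flags": flags}


def quarantine_list(filenames):
    """Verdicts for attachments whose name is disguised, not merely executable."""
    disguised = {"double-extension", "padded-extension"}
    return [v for v in map(inspect_attachment, filenames) if disguised & set(v["flags"])]


if __name__ == "__main__":
    for verdict in quarantine_list(SAMPLE_ATTACHMENTS):
        print(verdict["name"], "->", verdict["shown_as"], verdict["flags"])
```

A plain `setup.exe` is reported as executable but not quarantined by this check, since the point here is the mismatch between what the name suggests and what the file is.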

Case 3: Reveton

The Troj/Reveton-Ransomware family consists of computer infections that lock you out of your computer unless you pay a ransom. It does this by displaying a lock screen when you log in to Windows that pretends to be from a law enforcement agency in your country. For example, if you are in the United States of America the message may be from the FBI and if you are in the United Kingdom the message would pretend to be from the Metropolitan Police Service. In order to access your computer you must submit a MoneyPak voucher, or other payment coupon, to the malware developers and they will then unlock your computer so you can access your Windows desktop again.

The lock screens that will be displayed state that your computer was detected as having broken various laws regarding pornographic material, downloading copyrighted programs, or the distribution of copyrighted programs. They will then state that you need to pay a fine or the government will prosecute you and that you may have to pay a fine or will be jailed. In order to pay a fine you will typically need to purchase a MoneyPak voucher and submit the voucher identification number into the lock screen. It is important to remember that these messages are fake and you have not actually been locked out of your computer by the government.

When infected with a variant of the Troj/Reveton-Ransomware family, your computer will exhibit the following behavior:

  • When you login to Windows you will be shown a screenlocker that pretends to be from a government agency. This screenlocker will state that you must pay a fine in order to gain access to your computer.
  • The screen locker will pretend to be from a government agency from the country that corresponds to the geographic region of your computer IP Address. Therefore, if your IP Address is located in the United States you may be shown a message from the FBI, while if you are in Argentina it would be from Police Federal Argentine.

Information provided by Bleeping Computer.

Case 4: Ryuk

 

The operators of Ryuk ransomware are at it again. After a long period of quiet, we identified a new spam campaign linked to the Ryuk actors—part of a new wave of attacks. And in late September, Sophos’ Managed Threat Response team assisted an organization in mitigating a Ryuk attack—providing insight into how the Ryuk actors’ tools, techniques and practices have evolved. The attack is part of a recent wave of Ryuk incidents tied to recent phishing campaigns.

First spotted in August of 2018, the Ryuk gang gained notoriety in 2019, demanding multi-million-dollar ransoms from companies, hospitals, and local governments. In the process, the operators of the ransomware pulled in over $61 million just in the US, according to figures from the Federal Bureau of Investigation. And that’s just what was reported—other estimates place Ryuk’s take in 2019 in the hundreds of millions of dollars.

Starting around the beginning of the worldwide COVID-19 pandemic, we saw a lull in Ryuk activity. There was speculation that the Ryuk actors had moved on to a rebranded version of the ransomware, called Conti. The campaign and attack we investigated was interesting both because it marked the return of Ryuk with some minor modifications, but also showed an evolution of the tools used to compromise targeted networks and deploy the ransomware.

The attack was also notable because of how quickly the attacks can move from initial compromise to ransomware deployment. Within three and a half hours of a target opening a phishing email attachment, attackers were already conducting network reconnaissance. Within a day, they had gained access to a domain controller, and were in the early stages of an attempt to deploy ransomware.

The attackers were persistent as well. As attempts to launch the attack failed, the Ryuk actors attempted multiple times over the next week to install new malware and ransomware, including renewed phishing attempts to re-establish a foothold. Before the attack had concluded, over 90 servers and other systems were involved in the attack, though ransomware was blocked from full execution.

Information sourced from Sophos.

Case 5: SamSam

As the year 2016 began, a ransomware threat appeared that attacked its victims unlike any previous ransomware attack. SamSam, named after the filename of the earliest sample we uncovered, uses a brutally minimalist, manual approach to target and compromise victims.
The attacker or attackers use a variety of built-in Windows tools to escalate their own privileges, then scan the network for valuable targets. They want credentials whose privileges will let them copy their ransomware payload to every machine – servers, endpoints, or whatever else they can get their hands on.
Once in, the attacker(s) spread a payload laterally across the network; a sleeper cell that lays in wait for instructions to begin encrypting. Ever a predator, the attacker waits until late at night, when the target organization is least well equipped to deal with it, before the final blow is struck. A sneak attack while the target literally sleeps, SamSam encrypts a prioritized list of files and directories first, and then everything else.
Unlike virtually every other ransomware attack, the entire attack process is manual. No badly worded spam email with an attachment is the culprit. The attacker breaks in the old fashioned way: using tools that attempt as many logins as quickly as the Remote Desktop Protocol will permit, and exploits operating system vulnerabilities, though not as many as you’d think. SamSam usually succeeds when the victim chooses a weak, easily guessed password.
In this report, we’ll cover the anatomy of a SamSam attack, and why it isn’t necessarily hard to defend against. We also took a deep dive into the ransomware payload, tracing its evolution from an early beta through its (so far) third major revision, with no sign of a slowdown in sight, and an ever-increasing ransom demand with each subsequent attack. Partnering with the cryptocurrency monitoring firm Neutrino, we traced the money trail and discovered far more victims – and funds – than had been previously reported.

Information provided by Sophos.
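The SamSam entry point described above, rapid password guessing over the Remote Desktop Protocol, leaves a trail of failed logons that can be alerted on before the attacker gets in. The following is an added example, not code from Sophos or Infraplex: it assumes logon records exported as `timestamp,event_id,source_ip,account` lines, where 4625 and 4624 are the Windows Security event IDs for failed and successful logons; the window, threshold, addresses and sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624  # Windows Security event IDs
WINDOW = timedelta(minutes=5)   # assumption: tune to your environment
THRESHOLD = 10                  # assumption: failures per source within WINDOW


def parse(line):
    """Split one 'timestamp,event_id,source_ip,account' record."""
    ts, event_id, src, account = line.strip().split(",")
    return datetime.fromisoformat(ts), int(event_id), src, account


def detect(lines, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for guessing bursts and for any logon that succeeds during one."""
    failures = defaultdict(deque)  # source IP -> failure times inside the window
    bursting = set()               # sources currently over the threshold
    alerts = []
    for ts, event_id, src, account in sorted(parse(line) for line in lines):
        recent = failures[src]
        while recent and ts - recent[0] > window:
            recent.popleft()       # forget failures older than the window
        if not recent:
            bursting.discard(src)  # burst is over, allow a fresh alert later
        if event_id == FAILED_LOGON:
            recent.append(ts)
            if len(recent) >= threshold and src not in bursting:
                bursting.add(src)
                alerts.append(("BRUTE_FORCE", src, ts.isoformat(),
                               f"{len(recent)} failures"))
        elif event_id == SUCCESSFUL_LOGON and src in bursting:
            # A guess worked: the account named here needs a reset and review.
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", src, ts.isoformat(), account))
    return alerts


def sample_log():
    """Constructed records: one guessing burst at night, one ordinary user."""
    start = datetime(2021, 1, 12, 2, 14, 0)
    accounts = ["administrator", "admin", "backup"]
    lines = [
        f"{(start + timedelta(seconds=2 * i)).isoformat()},4625,203.0.113.7,{accounts[i % 3]}"
        for i in range(12)
    ]
    lines.append("2021-01-12T02:14:30,4624,203.0.113.7,backup")
    lines += [
        "2021-01-12T08:59:10,4625,198.51.100.20,j.smith",
        "2021-01-12T08:59:25,4625,198.51.100.20,j.smith",
        "2021-01-12T08:59:40,4624,198.51.100.20,j.smith",
    ]
    return lines


if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

The second alert type is the one to page on: it marks the weak, easily guessed password the report says SamSam depends on.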

Case 6: Satan

Cybercriminals have long used themes like the devil, the occult and what you might rather loosely call “the dark arts” as inspiration for malware names: Dark Avenger, Necropolis, Mydoom, Natas (which is Satan backwards) and SatanBug are just a few examples.

But there’s one aspect of the Satan ransomware that isn’t old-school, and that’s what we’re looking at in this article: its business model.

Satan is ransomware: malicious software that, once opened on a Windows system, encrypts all the files and demands a ransom for the decryption tools.

But Satan is also an online crimeware service:

As you can see from the welcome screen on Satan’s website, which you access using Tor via a .onion address on the dark web, this ransomware is backed by a cloud service you sign up for.

Satan has brazenly copied the business model of many legitimate online services such as iTunes and eBay: joining up is free, but you pay-as-you-go on a percentage basis when you put business through the site.

The Satan service claims to:

  • Generate a working ransomware sample and let you download it for free.
  • Allow you to set your own price and payment conditions.
  • Collect the ransom on your behalf.
  • Provide a decryption tool to victims who pay up.
  • Pay out 70% of the proceeds via Bitcoin.

The service (we’ll use that word without quotation marks, but you may infer them if you wish) even supports optional two-factor authentication based on a public-private key pair, just like SSH, and a CAPTCHA to make automatic mass signups more difficult.

Once you have a login, you can begin to generate ransomware samples, tailored to your own price point.

Information provided by Sophos.

Case 7: WannaCry

We’re aware of a widespread ransomware attack that is affecting several IT organizations in multiple countries. A new ransomware attack called Wanna (also known as WannaCry, WCry, WanaCrypt, WanaCrypt0r, and Wana DeCrypt0r) is encrypting files and changing the extensions to .wnry, .wcry, .wncry, and .wncrypt. The malware then presents a window to the user with a ransom demand.

The ransomware spreads rapidly, like a worm, by exploiting a Windows vulnerability in the Windows Server Message Block (SMB) service, which Windows computers use to share files and printers across local networks. Microsoft addressed the issue in its MS17-010 bulletin.

The analysis seems to confirm that the attack was launched using suspected NSA code leaked by a group of hackers known as the Shadow Brokers. It uses a variant of the ShadowBrokers APT EternalBlue Exploit (CC-1353). It uses strong encryption on files such as documents, images, and videos.

There were three key factors that caused this attack to spread so quickly:

  1. The inclusion of code that caused the threat to spread across networks as a worm quickly without needing further user action after the initial infection had taken place.
  2. It exploited a vulnerability that many organizations had not patched against. Patching operating systems is the first line of a security strategy, yet many still struggle to achieve regular updates across their environments.
  3. Organizations are still running Windows XP. Microsoft had discontinued support for Windows XP and not issued a patch for this system, but subsequently issued a patch for Windows XP in light of this attack. Microsoft does support legacy versions of Windows, but at extra cost.

Information provided by Sophos.

Case 8: GPcode

The GPcode ransomware was released in June 2006, infecting PCs through spear phishing scams. GPcode was spread via email attachments that looked to be a job application.

GPcode Ransomware Message

GPcode Ransomware Instructions Example

The first versions of GPcode were easily broken because they wrote the encrypted file to a new location and deleted the unencrypted file, which allowed an undeletion utility to recover some of the files. This sometimes gave enough information to decrypt other files. Other variants of GPCode ransomware used symmetric encryption, which made key recovery very easy.

How It Works 

Using a 660-bit RSA public key to encrypt or lock victims’ files, GPCode ransomware would prevent victims from accessing everything in the MyDocuments directory. GPCode required victims to pay a fee or ransom, and in return a code or key would be delivered to the victims, which they would use to unlock their files.

This version of ransomware is especially nasty because it can leave a backdoor open to other hackers. Furthermore, this gateway allows hackers to access important information such as secure documents, social security numbers, bank account numbers and credit card information.

In late November 2010, a new version of GPCode was discovered that uses stronger encryption (RSA-1024 and AES-256) and physically overwrites the encrypted file, making recovery nearly impossible.

Information provided by KnowBe4.

This is how many people are not paying their TV licence in South Africa

“The Democratic Alliance (DA) has launched a petition to oppose the government’s plans to extend TV licence fees to streaming services like Netflix and Showmax.” – My Broadband

The Department of Communications and Digital Technologies is set to present its proposal to extend the payment of TV licence fees to include streaming services like Netflix as of 25 November 2020.

The Broadcasting Act currently requires South Africans to pay a TV licence fee for viewing “broadcasting services”. South Africans are also not allowed to buy a television without a TV licence, a requirement that is enforced by retailers.

Failure to be in possession of a valid television licence when owning a television and watching broadcasting services is a civil offence. Any person who fails to pay their TV licence is committing an offence and is liable, upon conviction in a criminal court, to a fine not exceeding R500 in relation to each offence and/or to imprisonment for a period not exceeding six months.

As it currently stands, the definition of “broadcasting services” applies to content viewed on a television. The department now wants to broaden the definition of a “broadcasting service” to include online broadcasting services.

If this proposal goes through, it means that people will require a TV licence to watch streaming services like Netflix, Apple +, Showmax, and Amazon Prime.

This is part of an attempt to increase TV licence revenue and compliance, which has come under pressure over the past few years.

The SABC’s annual report for the 2019/2020 financial year revealed that less than a quarter of TV licences were paid over the last year. This is due to the mass migration from traditional television to streaming services.

This new implementation does, however, come with a few concerns. One major concern is that if you are subscribed to multiple streaming services, for example Netflix, HBO and Prime Video, the new regulation is unclear on whether you will pay one fee as an end user or a separate TV licence fee for every subscription registered to you.

The DA’s campaign follows the Organisation Undoing Tax Abuse’s (Outa’s) call to scrap TV licences altogether.

TV licence revenue declined by 18% year-on-year to R791 million, which the broadcaster said was due to the delayed use of debt collection agencies in this period.

Instead of trying to improve TV licence collections, Outa said the system should be scrapped completely.

“Incompetence, maladministration, and corruption at the SABC should not become a burden to successful private industries or South Africans,” it said.

“Any tax or levy that fails to achieve its purpose due to failed administration or unenforceable mechanisms should be closed down.”

It added that the proposed regulations have far-reaching implications for South Africans, including that owning a smartphone or tablet would require them to have a TV licence.

Outa added that content from on-demand services, like Netflix, would be regulated to ensure South African content is given airtime or face being blacklisted.

“This is a blatant rebuttal of freedom of choice, the democratisation of information and universal access,” said Outa executive manager Julius Kleynhans.

He added that whichever way you look at it, citizens once again have to pay for government’s incompetence and failure to run state-owned enterprises like the SABC.

“We fear that this will be another method of getting more money from citizens to fund the corrupt,” Kleynhans said.

Information provided by My Broadband