BadRabbit Ransomware now also in South Africa

If you are infected with ransomware in South Africa quite probably your data is gone. After Petya (the ransomware where you could pay and get your data unlocked) came ransomware that looked like Petya but was not Petya as you had no way of paying any ransom. badrabbit spreads using the same method as the second Petya but with seemingly better payment protocols. It feels stupid to hope that badrabbit functions like the initial Petya, but this is the realities of the world that we live in.  Read more about BadRabbit here

After the outbreaks of WannaCry ransomware a few months ago, more people are aware of the chilling effect malware has on their lives and businesses. The favourite method to infect systems in South Africa seems to be using spear phishing and email attachments. Some email attachments are cleverly disguised as “proof of payments”, billing and even accounting reports.

Repeatedly telling users not to open attachments from email addresses they do not know, also does not mean much, as SPF is hardly enforced in South Africa (so anyone can send a fake email claiming to be from anyone else)

South African Internet Service Providers (ISP’s) are mostly lax and poor at enforcing SPF (Sender Policy Framework) as well as providing DNSSEC to clients on domains. Most of the commercial banks in South Africa still do not provide DNSSEC and some only recently added “-all” to their SPF records.  many commercial banks in South Africa do not force strict SPF as they send “marketing” SPAM from mulitple spam ESP’s and from non responsive @noreply email addresses.

South African Business sectors needs to adopt ethical behavior and stop corporate automated and non monitored bulk email dumping and until they do that, providing South African Consumers with better general security will remain problematic.

South African Companies, IT Companies and ISP’s are low hanging fruit due to their own spamming requirements.

The South African Government does not care whether they are sending communications to the correct email address or correct person. Complaints to are frequently replied to in the following method: “The communication sent is real South African Government Communication” even thought the Government is sending email to dead people, fake email addresses or non existent email addresses.

Complaints of email abuse to banks, for example ABSA Bank are ignored and the same fake emails are sent by ABSA, FNB and other banks on an ongoing basis.

There are email examples, including full email headers, server logs and more, all preserved from the past few years, right up to the past week available to back up the above paragraphs.

Legal departments of ABSA, FNB, NEDBANK or the SA Government are most welcome to request copies of said emails, which will then also be published on this website, together with that request)