The biggest online retailer in Kenya, Naivas, confirmed that it had been the victim of a ransomware assault by the cybercrime group, and that the hack may have exposed some of its data.
Through a statement signed by Willy Kimani, Chief Commercial Officer, Naivas shared that the attack had been contained and that operations had resumed normally.
"Naivas took immediate steps to prevent external access and engaged leading cybersecurity experts CrowdStrike to ensure system integrity" Kimani said in the media statement
This process is complete and our systems are secure. We are cooperating with the relevant law enforcement agencies, as they investigate this and the many current ransomware attacks in Kenya
The cybercrime group has promised to expose client data online in the future after claiming to have stolen the information. In response to data security worries, the retail giant chain has said that it does not save credit card or debit card data on its systems.
WannaCry ransomware virus
Kenya has seen a dramatic rise in cybercrimes over the past ten years. According to a study by the Kenya Computer Incident Response Team (KE-CIRT), 19 Kenyan businesses were attacked in 2018 and infected with the WannaCry virus, which affected more than 300,000 people.
Threat actors encrypted files on PCs to hold data hostage and then demanded Sh30,000 ($300) in bitcoin from users as ransom to regain access to the data.
Before law enforcement officials urged victims not to pay the hackers, the Communications Authority of Kenya announced that attackers had been paid Sh8 million($80,000) .