Thursday’s attack was the second in three weeks for the association.
Companies and people around the world have been reeling in the wake of mass cyber attacks.
Recently, the cyber “worm” compromised Britain’s National Health Service (NHS).
Highway Hospice chief executive Linda Webb said she was shocked by the attack.
“I asked myself how we could be hit again.
“Why are they targeting us?
“I was very disappointed. The staff couldn’t believe it and were asking ‘why us’?” Webb said.
In an effort to stop its spread, staff were told not to switch on their computers.
This resulted in downtime for staff as the organisation ground to a standstill.
The files encrypted in the attacks included vital information from oncologists who work with the organisation. “It affected our service delivery. Everything was delayed. It has even delayed our annual report to show our donors what we have done,” Webb said.
The attacks resulted in a situation where the hospice’s reputation was at risk because it was not able to work effectively.
Webb took to Facebook to explain what had happened. Fortunately, she received a positive response from the public.
IT specialist Ian Naidoo, who is helping the organisation, said: “After the first episode we thought it would be a once-off incident, but three weeks later, we experienced it again. The whole server was infected.”
When they were first hit, they contacted the hacker who had e-mailed them his demands.
Naidoo said the attackers demanded three bitcoins (a digital currency) which cost about R50000 at the time. He told them the hospice would not be able to afford the money because they were a charity.
The cyber criminals then lowered their demands to two bitcoins.
The hospice, however, did not give in to the demands, but bought new equipment instead, which cost about R40000.
Naidoo said they did not entertain the hackers when they were hit again yesterday.
Webb added that the money used to buy new equipment could have gone to treat their terminally ill patients.
“It could have been used for our patient care. Drugs and painkillers are expensive. We buy it through raising funds, fêtes and various other fundraising activities. That’s what is also very hurtful: we’re the last company that can afford to pay the ransom.”
Having backups has lessened the impact of the latest attack, Naidoo said, although it would take them about two days to get up and running again.
Craig Rosewarne, director of Wolfpack Information Risk, said about 5% of instances where ransomware had been detected globally had been in South Africa. “Ransomware is a booming industry,” he said.
Rosewarne said there were websites where criminals could buy ransomware and others where people could get decryption keys.
“When a person has been attacked by ransomware, they should first try to find decryption keys online before acquiescing to the hackers’ demands. The hardest hit would be people who did not have any backups.”
Rosewarne said his observation was that the hackers often provided decryption keys to people who paid up.