The global WannaCry ransomware attack crippled Telkom’s customer platforms, which impacted customer services.
On Tuesday morning, MyBroadband was alerted to the fact that Telkom’s systems were experiencing problems.
One of the main problems was that USSD menus and Telkom’s app were not working, preventing subscribers from buying data bundles.
Other Telkom services which were impacted were voice mail systems and the company’s call centre.
Telkom spokeswoman Jacqui O’Sullivan told the Sunday Times “the computer virus attack crippled some customer platforms, which were restored only on Thursday”.
According to the report, Telkom “thwarted attempts by the WannaCry hackers to freeze its systems so they could hold it to ransom”.
Global WannaCry attack
The global WannaCry attack started on 12 May and infected tens of thousands of PCs at large institutions, including the NHS in the UK and FedEx.
WannaCry – also known as WannaCrypt, WanaCrypt0r, WCrypt, and WCRY – targets Windows systems that have not been patched for MS17-010.
The ransom demand from the attack was between $300 and $600, and the post noted that there is code to “delete files” in the ransomware.
“The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder,” stated the post.
Telkom was among many companies and organisations believed to have been targeted by the WannaCry attack in South Africa.
“IT security experts warned that further attacks were likely, and said the government and its agencies were particularly at risk due to their failure to upgrade software,” stated the report.
Telkom explains the attack
O’Sullivan told MyBroadband the alert level within Telkom’s network and IT support teams was raised on Saturday morning.
This happened as network traffic volumes started increasing in South Africa and the virus started attacking.
“Our managed security teams immediately began assessing, monitoring, and managing the situation,” said O’Sullivan.
Telkom experienced problems with certain customer service platforms on Tuesday, but most were reinstated overnight.
“However, there were intermittent problems on some of those platforms until Thursday.”
“Throughout these attacks, our priority was the protection of our customers’ data and assets.”
“We were meticulous in the control of our defence systems and we purposefully throttled some areas where we believed the risk was high.”
The sustained nature of the attacks resulted in high network traffic as Telkom’s firewalls worked to repel the attacks.
“This robust defence strategy did result in the degradation of the performance of some of our service platforms, at different times throughout the day,” she said.
“We regret the inconvenience this caused some of our customers. We are confident we took every step necessary to protect our data and our customers from any exposure to this pernicious virus.”
O’Sullivan said that despite the attack, the WannaCry ransomware virus did not infect or encrypt any files on Telkom assets.
“It is important to note that customers must install the corrective steps. Even though the current variant of the virus is unable to initiate the ransomware, devices and systems remain vulnerable until they are patched.”
“Unpatched devices or systems may continue to generate excessive network traffic and could be vulnerable to a potential second wave of the virus, should it appear in a different variant.”