- EDITOR’S BRIEF: While the ransomware attack on Naivas Supermarket is certainly concerning, the company’s prompt and effective response is a testament to its commitment to protecting its customers’ personal information. By taking immediate action to contain the attack and secure its systems, Naivas has demonstrated its resilience in the face of a growing threat, and its determination to continue providing its customers with the highest levels of service and security.
Naivas Supermarket, one of the largest retail chains in Kenya, announced on Sunday that it had experienced a ransomware attack in which some of its data had been compromised. However, the company reassured its customers that it had taken immediate action to contain the attack, and that its systems were now secure.
Naivas added that it did not hold any credit card or debit card information in its systems, and that such payment information was handled securely and protected through Secure Sockets Layer (SSL) encryption.
In a statement, Naivas said that it had engaged leading cybersecurity experts CrowdStrike to ensure the integrity of its systems, and that it was cooperating with relevant law enforcement agencies as they investigate the matter and the many current ransomware attacks in Kenya.
The company also said that it had informed the Office of the Data Protection Commissioner Kenya of the incident, and that it takes the protection of personal information very seriously.
The statement continued, “We have been the victims of a ransomware attack by an online criminal organization. The containment process is complete and the system is now secure. At this moment, we are not aware of any malicious use of stolen data.
Naivas has been made aware that the Threat Actor has claimed to have stolen some of our data and is alleging that this may be published in due course. We and law enforcement agencies are monitoring this closely. Please accept our deepest apologies for the worry and inconvenience that this criminal activity may cause.”
Ransomware attacks are becoming increasingly common in Kenya, as well as in other parts of the world. These types of attacks involve hackers gaining access to a company’s systems and then encrypting its data, making it inaccessible to the company unless a ransom is paid. Hackers often threaten to release sensitive data publicly if the ransom is not paid.
In response to this growing threat, Naivas has taken swift action to protect its systems and data. By engaging a leading cybersecurity firm, it has ensured that its systems are secure and that any potential vulnerabilities have been identified and addressed. The company has also been proactive in informing its customers and relevant authorities about the attack, which is an important step in mitigating the impact of the incident.
