Ransomware is the biggest cyberthreat in South Africa, and anyone can be a target. Here’s what you need to know.
We’ve all seen the devastation that ransomware attacks can cause on the news. From tens of thousands of customer details being compromised to millions of rands being asked in ransoms, many of South Africa’s largest organisations, or their suppliers, have been hit, including the City of Johannesburg, Life Healthcare, Dischem and Transnet.
According to Seacom, South Africa is the most targeted African country in terms of ransomware and business email compromise. In fact, Sophos’ The State of Ransomware 2022 reported that more than half of South African firms were impacted by ransomware in 2021, and this rose to 78% in the State of Ransomware 2023 report.
Exploited vulnerabilities were the main root cause of attacks, accounting for 49% of incidents, followed by compromised credentials at 24%. The amount of data stolen in attacks (35%) was also higher than the global average (30%).
According to a report by Cybersecurity Ventures, global ransomware damages reached $20 billion in 2021, up from $11.5 billion in 2019. The report also predicts that a ransomware attack will occur every 11 seconds globally. With global cybercrime syndicates raking in billions of dollars each year, ransomware attacks will continue to rise. These attacks can have severe consequences for individuals and organisations, causing financial loss, reputational damage, and even business interruption. Some ransomware attacks may also result in the theft of sensitive information, which can be used for identity theft or sold on the black market.
Given the severity of these attacks and the threat they pose, let’s take a closer look at what they are, and how you can protect yourself and your business from them.
Ransomware is a type of malicious software (malware) that encrypts files on a computer or network, making them inaccessible to the owner or user. The attacker then demands payment (often in cryptocurrency) in exchange for the decryption key needed to restore access to the encrypted files. Ransomware can be spread through various means, such as phishing emails, malicious websites, or vulnerabilities in software or systems.
It is important to note that the threat of ransomware is not limited to large organisations but also affects individuals and small businesses. Anyone can be a target of a ransomware attack, and it is crucial to take steps to prevent and prepare for such attacks.
Email phishing: The most common way hackers send ransomware is through email phishing. They may send an email with a malicious attachment or a link to a website that contains the ransomware. When the victim opens the attachment or clicks on the link, the ransomware is downloaded onto their computer. To avoid falling victim to phishing scams, be cautious of any unexpected or suspicious emails, especially those with attachments or links. Never open an attachment or click on a link unless you are certain it is legitimate.
Malicious websites: Fake websites that appear legitimate are used to lure victims into visiting the sites, clicking on links and inadvertently downloading ransomware. Hackers may trick victims into visiting these websites through social engineering tactics, such as phishing emails or online ads.
Software vulnerabilities: Vulnerabilities in software and operating systems can be exploited to give threat actors access to a computer or network and install ransomware. To prevent this, make sure that you regularly update your operating system, web browsers, and other software to their latest versions. Additionally, ensure that all security patches and updates are applied promptly.
Remote desktop protocol (RDP) attacks: RDP attacks occur when hackers gain access to a computer or network through an open RDP port. Once they gain access, they can install ransomware and demand payment for decryption. Installing and regularly updating antivirus software and firewalls can help protect your computer or network from ransomware and other types of malware. Firewalls can help block unauthorised access to your computer or network.
Drive-by downloads: In a drive-by download, a user’s computer is infected with ransomware simply by visiting a compromised website that has been injected with the malware. Antivirus software can detect and remove malicious programs.
The goldmine of personal data
While the original goal of ransomware was to encrypt data and request a ransom to get systems back online, many hackers now also exfiltrate data and sell it online. This makes ransomware more valuable for hackers and more of a threat for organisations. Shutting down operations is problematic enough – exposing and selling the personal details of customers can have legal, regulatory and reputational consequences.
Stay smart and protected
To protect against ransomware attacks, individuals and organisations should take steps such as keeping software and systems up to date, using antivirus software and firewalls, being cautious of email attachments and links, backing up data regularly, using strong passwords and multi-factor authentication, and educating employees on how to identify and avoid phishing emails and other forms of social engineering.
It is generally recommended not to pay the ransom, as this may encourage attackers to continue their criminal activities.
Backing up your data regularly is one of the most effective ways to protect against ransomware attacks. If your files are backed up, you can simply restore them from the backup instead of paying the ransom. Make sure that your backups are stored on a separate device or network, so that they cannot be encrypted by the ransomware attack. Additionally, affected individuals or organisations could seek the assistance of cybersecurity experts to identify and mitigate the attack.
With 78% of businesses in the Sophos study reporting a ransomware attack in 2022, it’s clear that in many cases it’s not a question of ‘if’ an attack will occur, but ‘when’ and ‘how badly’. Here are some actions that you can take if you believe you’ve fallen victim to a ransomware attack.
1. Disconnect from the network
As soon as you suspect that you may have been hit by ransomware, disconnect from the network immediately. This can help prevent the ransomware from spreading to other devices on the network.
2. Contact IT support
If you are in a work environment, contact your IT support team immediately. They can assess the situation and take steps to contain the ransomware.
3. Do not pay the ransom
While it may be tempting to pay the ransom to get your data back, there is no guarantee that the attackers will honor their promise. Additionally, paying the ransom encourages further criminal activity. Law enforcement agencies also advise against paying the ransom.
4. Restore data from backups
If you have backups of your data that were created before the attack, use them to restore your files. Ensure that the backups are not infected with the ransomware before restoring the data.
5. Consult with security professionals
Consult with a security professional or a reputable cybersecurity firm to assess the situation, identify the type of ransomware, and recommend steps to prevent future attacks.
6. Report the attack
The South African Police Service (SAPS) has a dedicated unit for investigating cybercrimes, known as the Cybercrime Investigation Unit (CCIU). The CCIU is responsible for investigating a wide range of cybercrimes, including identity theft, hacking, phishing, and ransomware. Contact the CCIU by calling their national toll-free number on 0800 701 701.
Getting hit by ransomware can be a stressful and challenging experience. However, by taking immediate action, disconnecting from the network, contacting IT support, not paying the ransom, reporting the attack, restoring data from backups, and consulting with security professionals, you can mitigate the damage and reduce the likelihood of future attacks.
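The backup advice above (store backups separately, and in step 4 confirm they are not infected before restoring) can be turned into a repeatable check. The following Python is an added example, not part of the original article: it records SHA-256 hashes at backup time and compares them before a restore, and its function names, file names and the 7.5 bits-per-byte entropy threshold are assumptions chosen for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def entropy_bits_per_byte(data: bytes) -> float:
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_manifest(root: Path) -> dict:
    """Run at backup time; keep the result offline, away from the backup itself."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(root: Path, manifest: dict, threshold: float = 7.5) -> dict:
    current = build_manifest(root)
    report = {
        "missing": sorted(set(manifest) - set(current)),
        "unexpected": sorted(set(current) - set(manifest)),
        "modified": sorted(k for k in set(manifest) & set(current) if manifest[k] != current[k]),
    }
    # Heuristic: encrypted data is near 8 bits/byte, but so are compressed files.
    report["high_entropy"] = sorted(
        k for k in report["modified"] + report["unexpected"]
        if entropy_bits_per_byte((root / k).read_bytes()[:65536]) >= threshold)
    report["safe_to_restore"] = not (report["missing"] or report["unexpected"] or report["modified"])
    return report

def demo() -> tuple:
    """Constructed sample: a tiny backup that is tampered with after the manifest is taken."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "invoice.txt").write_text("Invoice 001: R1500\n" * 200)
        (root / "notes.txt").write_text("meeting notes\n" * 200)
        manifest = build_manifest(root)
        clean = verify_backup(root, manifest)
        (root / "docs" / "invoice.txt").write_bytes(os.urandom(4096))  # stand-in for encrypted data
        (root / "UNEXPECTED_NOTE.txt").write_text("constructed placeholder\n")
        return clean, verify_backup(root, manifest)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```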