South Africa has consistently been the primary target for ransomware and business email compromise among African countries. 2023 witnessed a significant surge in ransomware attacks across diverse industries within the country.

According to the latest State of Ransomware report by Sophos, a staggering 78% of the South African companies surveyed reported being subjected to a ransomware attack in the past year. This represents a notable increase from the 51% reported in the previous assessment period.

“As the African economy undergoes a digital transformation, cybercriminals are seizing new opportunities with equal intensity,” says Stephen Osler, co-founder and business development director at Nclose. “Both the public and private sectors faced high-profile ransomware attacks that posed a threat to critical infrastructure and businesses.”

For instance, in June 2023, The Development Bank of South Africa reported being held ransom, while Porsche South Africa experienced a successful attack in February that resulted in the disruption of multiple systems. “Unfortunately, these incidents are not isolated, as many other organisations have also fallen victim to cyberattacks over the last few months,” says Osler.

Because the methods employed by cybercriminals are increasingly pervasive and sophisticated, it poses a challenge for companies to fortify their systems and safeguard against potential harm. “The landscape of threats is constantly evolving, and attackers employ cunning and deceptive methods that are easily overlooked,” warns Osler. “The relentless surge of phishing messages, designed to manipulate individuals into making errors, is growing in magnitude.”

Added to this pile of complexity are the usual points of weakness. Factors such as poor security practices, weak passwords, inadequate system patching, zero-day threats, and unexpected vulnerabilities create opportunities for ransomware incidents. These incidents can cause significant reputational and financial damage, as they effectively shut down digital operations for extended periods.

New variants of ransomware also emerge. Late in 2022, a particularly destructive form of malware known as “Agenda” was detected in Thailand, Indonesia, Saudi Arabia, and South Africa, focusing specifically on targeting healthcare and educational institutions. Agenda’s sophisticated capabilities allow it to bypass antivirus processes, change passwords, encrypt data, and gain unauthorised access to systems using new credentials. If not effectively contained, this malware can infect an entire network, leading to severe consequences.

“Although Agenda represents an extreme case, the economic impact of ransomware attacks is devastating, particularly for businesses lacking the resources to detect, mitigate, and respond to such threats,” says Osler.

And cybercrime pays well. Ransomware-as-a-service has proven to be an extremely profitable business model, making countries like South Africa prime targets for cyber criminals because of the relatively lacklustre level of cyber security measures in place. “Traditional cyber security solutions struggle to intercept and contain these so-called zero-day threats effectively. As cybercriminals become more innovative in their tactics, IT teams must seek flexible security solutions capable of adapting to alternative forms of malware.”

Looking ahead, cybersecurity professionals are still highly concerned about email security. “Ransomware attacks still mainly occur through email phishing or business email compromise. These attacks use advanced social engineering tactics to trick unsuspecting victims into clicking on harmful links or disclosing sensitive information. The content of these messages is expertly crafted and visually appealing, often making it challenging to tell whether an email originates from a legitimate institution or a phishing source.”

There is some good news too. Syndicates are being apprehended, threats are being mitigated, and security teams are becoming more proactive. Staying ahead of these threats is a balancing act that is supported by continuous training, unwavering vigilance, and the invaluable help of a trusted third-party managed security service provider. “By leveraging their expertise and understanding of the ever-changing landscape, businesses can confidently protect themselves against emerging threats,” Osler concludes.