If you think that you’re immune to ransomware attacks because you’re a medium-sized business at the bottom end of the African continent, think again. According to an industry report on cyberattacks and ransomware, more than 6 out of 10 South African companies surveyed said they’d been victims of a ransomware attack. These figures were published in the Mimecast State of Email Security Report, which showed that the average ransomware attack costs a company R30 million a year per successful attack.

These costs are often incurred even when successfully fighting off a ransomware attempt, due to interruptions in business operations, lost sales and production, and then the cost of restoring and protecting IT infrastructure.
 

What is ransomware?

Ransomware is the digital age’s form of piracy. It allows hackers to gain control over your IT network so that all your operations are disrupted. Then they demand a ransom to unlock your systems and give you back control.

Given our dependence on IT systems, you can see how easily your business can grind to a halt. You might be able to escape the digital hold the hackers have over your systems, but you’ll be spending a lot of money to break that hold and recover all your data and systems.

The hackers typically gain access to your IT systems through some form of cyber or phishing attack to get the necessary credentials to take over your systems. This could take many months to complete, even though criminal syndicates are stepping up their efforts. Mimecast reported a 64% rise in threats compared to 2019.
 

Ransomware in South Africa

According to the Interpol African Cyberthreat Assessment Report released in October 2021, South Africa was heavily affected by targeted ransomware in the first quarter of 2021. From January 2020 to February 2021, the country was targeted in 230 million attacks.

Scammers naturally follow the money, making easy targets of unprepared South African enterprises. This is probably why the country suffers an estimated 577 malware attacks every hour, according to Interpol.

Mimecast also reported that, of the companies successfully attacked, 52% paid the ransom. Most worrying, however, is that of those who paid, only two-thirds managed to recover their data. The rest were left out of pocket, and without functional IT systems.
 

Avoid becoming a target

Confirm with your IT team that you’ve taken the necessary precautions to protect your systems against attacks and that they have made copies of restorable data. Basic protections should include applying all patches and updates to system software, ensuring you have the best spam and malware filtering software, and blocking the use of dark-web browser Tor.

Build strong cyber awareness and discipline across your organisation. Criminal gangs are constantly looking for a weak link in the chain that will give them access to your systems. You can minimise these threats by encouraging staff not to open untrusted email attachments, never click on unverified links, only use sites they trust and never give out personal information.

Ignoring these basic and more complex protections in the digital age are the same as handing out signed, blank cheques to passers-by (in the days when cheques were still in use).

Cyberattacks are a real threat and will remain so if you don’t install defences strong enough to prevent them.