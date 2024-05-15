Africa, and specifically South Africa, saw a significant increase in cyber extortion — more commonly known as ransomware — attacks between Q2 2023 and Q1 2024.

This is according to Cyberdefense senior security researcher Wicus Ross, who said South Africa’s victim count increased by 107% over the period.

“For the period analysed, Africa saw the second-highest increase globally as a percentage,” said Ross.

However, he noted that while this paints a bleak picture, the frequency of incidents is far lower than in Europe, Latin America, and the United Kingdom.

“This may sound alarming, but comparing victim counts, we see that Africa has 28 times fewer victims. Europe, Latin America, and the United Kingdom have far more victims, but the change in victim count for the period was relatively lower,” said Ross.

Regarding South Africa, he said the dramatic increase in Cyber Extortion incidents is concerning, but this doesn’t mean the situation is disastrous.

“Even though we see a dramatic increase in Cy-X (Cyber Extortion) in South Africa, we need to be cautious in assuming that the proverbial sky is falling,” he said.

Citing a study published in April 2024, Ross said South Africa ranks 14th among 15 countries for the most impactful source of cybercriminal activity.

“The types of actions associated with South African cybercrime were predominantly scam-based, but South Africa scored quite low on the ‘Tech’ based attacks,” he said.

“This tells us that South African cybercriminals are just your normal fraudsters and scammers using social media, email, SMS, and the like to dupe victims.”

South Africa is breaking the trend regarding the most targeted industry, with cybercriminals frequently attacking finance and insurance, educational services, and professional service businesses.

“Globally, we observe Manufacturing and Professional Services being impacted the most,” he added.

“It is not clear why South Africa and Africa are exhibiting different trends compared with the global average, but one may be able to imagine that Africa is not a continent known for its manufacturing and professional services industries.”

He added that attackers may think businesses in Africa’s finance and insurance sectors are likely better positioned to pay their demands.

Regarding vulnerability, small and medium businesses in South Africa are likely the most vulnerable to cybercrime, and Ross says businesses will require strong controls in place to protect themselves.

“Technical controls should also be considered, such as good account authentication practices in the form of multi-factor authentication and, where possible, phishing-resistant FIDO2 passkeys,” he said.

Local companies paid ransomware attackers an average of R17.9 million

Sophos’s State of Ransomware in South Africa report for 2024 revealed that the mean ransom payment made by firms was $958,110 (R17.9 million).

However, the average recovery cost, which excludes ransomware payments, was $1.04 (R19.44 million).

This impaired businesses’ ability to recover from these attacks, significantly increasing recovery time.

Sophos’s report is based on a survey of 330 IT and cybersecurity firms conducted between January and February 2024.

According to the responses, all impacted South African businesses could recover their encrypted data. However, 43% admitted to paying the ransom instead of recovering from backups.

The median ransom amount paid was $152,000 (R2.84 million), significantly lower than the mean. This indicates that the data includes a significantly higher portion of lower ransomware payments.

The mean is the sum of all the ransoms divided by the number of data points, whereas the median is the data point found in the middle of the dataset when ranked from lowest to highest.

Sophos also highlighted that 71% of ransom demands were $250,000 (R4.67 million) or less.