South Africa is seeing an increase in ransomware. Malware called ransomware encrypts files and makes them useless. Then, in exchange for decryption, criminals demand a ransom.
South Africa is seeing an increase in ransomware. Malware called ransomware encrypts files and makes them useless. Then, in exchange for decryption, criminals demand a ransom. A ransomware attack affected 78% of South African organisations last year, according to Sophos’ The State of Ransomware in South Africa 2023 report.
200 respondents from South Africa made up the survey’s sample of 3,000 IT/cybersecurity leaders working for medium-sized businesses (100–5,000 employees) in 14 different countries. In the previous 12 months, ransomware attacks were reported by 66% of respondents from around the world.
Attacks in South Africa were primarily the result of exploited vulnerabilities, which accounted for 49% of incidents. With 35% of the data stolen, compromised credentials were the second most common attack type.
The largest increase was in South Africa, where the attack rate increased from 51% in 2022 to 78%. The global average is 97%, but 100% of the organisations whose data was encrypted got their data back. Data restoration from backups was the most popular method, with 76% of all data restorations coming from backups.
The survey found that 45% of South Africans who had their data encrypted but still paid the ransom did so in 2022. However, one survey participant claimed to have paid a $5 million ransom or more.
The average cost for South African businesses, excluding ransom payments, was $0.75 million (R14 million). The attacks caused 82% of private sector organisations to lose business or revenue, while the global average was 84%.
53% of South African businesses said it took them a week to recover. 29% of respondents said it took up to a month, while 19% said it took between one and six months. 98% of South African respondents claimed to have some sort of cyber insurance, with 47% having a stand-alone cyber policy. Around the world, only 91% of people have cyber insurance, and 47% also have a separate policy.
98% of South African organisations that had purchased cyber insurance reported that the strength of their defenses had a direct impact on their insurance position. 61% of respondents said it affected their premium costs, but 66% said it had an effect on their ability to get coverage.
In the previous year, ransomware attacks were said to have affected 80% of respondents with lower education levels and 79% of respondents with higher education levels globally.
The data indicates that criminals target their weak points, and Sophus claims that education struggles because it receives less funding and technology than other industries. The IT, tech, and telecom sectors reported the fewest attacks (50%) overall.