Ransomware Attacks a Growing Threat to African Businesses

ADF STAFF

Nearly 80% of South African businesses experienced a ransomware attack in 2023, up from just over half the previous year, an indication of the growing threat cybercriminals pose to Africa’s rapidly expanding online presence, according to industry experts.

The attackers often are anonymous, but their weapons have names such as BlackCAT and LockBit, and they’re deployed with a single goal: to paralyze a company’s or government’s computer systems until victims pay to have access restored.

Ransom demands can range from thousands to millions of dollars. But ransom payments are just one element of recovery costs. Excluding any ransoms paid, organizations reported an estimated mean cost to recover from ransomware attacks of $1.82 million.

Ransomware attacks are spreading rapidly across the globe. A survey by cybersecurity firm Sophos found that 66% of companies worldwide reported some kind of ransomware attack in 2023, compared to 51% in 2020. In South Africa, the only African country on the survey, 78% of the 200 companies surveyed reported a ransomware attack in 2023.

Emails are the starting point for about 30% of ransomware attacks worldwide, according to Sophos. Energy and transportation providers are popular targets for ransomware attacks, Interpol reports.

The COVID-19 pandemic propelled African nations’ rapid expansion of internet-based businesses, banking and other services. However, that new business — typically conducted via smartphone — outpaced efforts to keep users safe from online thieves and schemers.

As ransomware attacks have increased, the window between criminals gaining access to a computer system and launching their ransomware attack has shrunk from five days in 2021 to less than one in 2023. That means potential victims have less than 24 hours to detect a breach and counter it, according to Stu Sjouwerman, writing for South African cybersecurity firm KnowB4 Africa’s blog.

“In other words, the cybercriminals are winning,” Sjouwerman wrote. “It’s likely this quickening of dwell time is resulting in more successful attacks.”

Increasingly, the attackers are not the same people writing the malicious code. Ransomware has become an industry unto itself with coders creating the invasive programs and offering them to buyers for a percentage of the ransom — a strategy that drives ever-larger demands.

The strategy is known as ransomware-as-a-service (RaaS). RaaS companies are sophisticated enough to provide their victims with technical support to help them restore their systems after they pay the ransom.

Ransomware groups have begun to focus their attention on countries in eastern and southern Africa, drawn by weak cybercrime laws and a lax approach to cybersecurity, according to Bright Gameli Mawudor, a Kenya-based cybersecurity expert.

“This is just the beginning as cyber criminals are about to explore more in the East African space with possibility of later expanding to the entire Africa region,” Mawudor wrote in an essay published on LinkedIn.

Investigators with Interpol’s Africa Cybercrime Operations have called for countries across Africa to share information about cyberattacks and attackers to coordinate countermeasures and identify perpetrators. Continentwide programs such as Africa Cyber Surge have identified thousands of suspicious websites and led to the arrest of online scammers.

Ransomware attacks take advantage of weak passwords, outdated or unpatched software, and simple human error (opening a fraudulent email) to gain access to an organization’s data, according to Kevin Wotshela, managing director for Johannesburg-based Magix software company.

“Even though cyber-attacks cost the South African economy R2.2 billion [$118 billion] per year, these vulnerabilities are often not understood or tested, with most business decision makers only acting after an attack has occurred,” Wotshela wrote recently for IT Web Africa.