Read time: 3 minutes

Africa held to ransom

By , Portals editor
Africa , South Africa , 06 May 2021

Ransomware has emerged as one of the three main cyber threats in Africa, with countries like South Africa and Zambia among the hardest hit.

According to the Sophos “State of Ransomware 2021” report, 24% of respondents from South Africa had experienced a ransomware attack in the last 12 months – the same proportion as the year before, and the average cost of remediating a ransomware attack in South Africa was US$447,097.

The report added that fewer organisations had data encrypted as the result of a significant ransomware attack: 44% in 2021, compared to 56% in 2020.

Moreover, 42% of respondents from South Africa that weren’t hit by ransomware in the last 12 months but expect to be hit in the future believe that ransomware attacks are getting increasingly hard to stop due to their sophistication. 31% of respondents from South Africa that weren’t hit by ransomware in the last 12 months but expect to be hit in the future say it is hard to stop their users from compromising the organisation’s security.

At the beginning of 2021, Yash Pillay of Trend Micro said if the South African financial industry, and indeed the public at large, can learn one thing from the 2020 data breach at credit information agency Experian, it should be this: human fallibility is still the weakest link in the fight against cyberattacks.

“By using standard social engineering techniques - simply asking the right question at the right time - the 2020 Experian fraudster, posing as a client, gained access to 24 million individual personal records, as well as confidential financial information for almost 800,000 companies. Similarly, 2020’s Twitter data breach saw of hundreds of high-profile accounts breached, similarly achieved with one simple phone call to an unsuspecting technician. Whether it’s in the form of a low-tech phone call and traditional phishing email or a more sophisticated malware and ransomware invasion via non-reputable applications and uncertified websites on unsecured networks, the holes are getting easier to open and the attacks more difficult to spot,” said Pillay.

In October 2020 François Amigorena, founder and CEO of IS Decisions, said: “Ransomware has become increasingly dominant in recent times and continues to evolve. Never before have companies in Africa been subjected to extortion on such a massive scale as they are today. And while there have been a number of high-profile cyber-crime arrests made by law enforcement over the past few years, cyber criminals continue to evolve and diversify their arsenal. Key preventative and proactive measures such as two-factor authentication are needed to provide additional layers of defense against ransomware.”

In mid-March, ICT and telecommunications Paratus Zambia referenced a recent article published by which states that 92% of malware is usually delivered by email, and hackers attack every 39 seconds and, on average, 2 244 times a day.

They also projected that the cost of global cyber-crime related damage is anticipated to be R87-trillion this year alone, equivalent to over 127-trillion Kwacha.

In its statement to the media, Paratus Zambia added that according to the Overseas Security Advisory Council’s Zambia 2020 Crime and Safety Report, “Cybercrime is an increasing problem in Zambia and poses a danger of grave financial loss.”

Global ransomware attacks

Globally, the average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from US$761,106 in 2020 to US$1.85-million in 2021. The average ransom paid is US$170,404. The global findings also show that only 8% of organisations managed to get back all of their data after paying a ransom, with 29% getting back no more than half of their data.

Sophos added: “While the number of organisations that experienced a ransomware attack fell from 51% of respondents surveyed in 2020 to 37% in 2021, and fewer organisations suffered data encryption as the result of a significant attack (54% in 2021 compared to 73% in 2020), the new survey results reveal worrying upward trends, particularly in terms of the impact of a ransomware attack.”

Chester Wisniewski, principal research scientist, Sophos, said, “The apparent decline in the number of organisations being hit by ransomware is good news, but it is tempered by the fact that this is likely to reflect, at least in part, changes in attacker behaviours. We’ve seen attackers move from larger scale, generic, automated attacks to more targeted attacks that include human hands-on-keyboard hacking. While the overall number of attacks is lower as a result, our experience shows that the potential for damage from these more advanced and complex targeted attacks is much higher. Such attacks are also harder to recover from, and we see this reflected in the survey in the doubling of overall remediation costs.”

The main findings of the State of Ransomware 2021 global survey include:

· The average cost of remediating a ransomware attack more than doubled in the last 12 months. Remediation costs, including business downtime, lost orders, operational costs, and more, grew from an average of $761,106 in 2020 to $1.85 million in 2021. This means that the average cost of recovering from a ransomware attack is now 10 times the size of the ransom payment, on average.

. The average ransom paid was $170,404. While $3.2 million was the highest payment out of those surveyed, the most common payment was $10,000. Ten organisations paid ransoms of $1 million or more.

· The number of organisations that paid the ransom increased from 26% in 2020 to 32% in 2021, although fewer than one in 10 (8%) managed to get back all of their data

“The findings confirm the brutal truth that when it comes to ransomware, it doesn’t pay to pay. Despite more organizations opting to pay a ransom, only a tiny minority of those who paid got back all their data,” said Wisniewski. “This could be in part because using decryption keys to recover information can be complicated. What’s more, there’s no guarantee of success. For instance, as we saw recently with DearCry and Black Kingdom ransomware, attacks launched with low quality or hastily compiled code and techniques can make data recovery difficult, if not impossible.”

More than half (54%) of respondents believe cyber attacks are now too advanced for their IT team to handle on their own. Additionally, extortion without encryption is on the rise. A small, but important 7% said that their data was not encrypted, but they were held to ransom anyway, possibly because the attackers had managed to steal their information. In 2020, this figure was 3%.

“Recovering from a ransomware attack can take years and is about so much more than just decrypting and restoring data,” said Wisniewski. “Whole systems need to be rebuilt from the ground up and then there is the operational downtime and customer impact to consider, and much more. Further, the definition of what constitutes a ‘ransomware’ attack is evolving. For a small, but significant minority of respondents, the attacks involved payment demands without data encryption. This could be because they had anti-ransomware technologies in place to block the encryption stage or because the attackers simply chose not to encrypt the data. It is likely that the attackers were demanding payment in return for not leaking stolen information online. A recent example of this approach involved the Clop ransomware gang and a known financially-motivated threat actor hitting around a dozen alleged victims with extortion-only attacks.

“In short, it is more important than ever to protect against adversaries at the door, before they get a chance to take hold and unfold their increasingly multi-faceted attacks. Fortunately, if organizations are attacked, they don’t have to face this challenge alone. Support is available 24/7 in the form of external security operations centers, human-led threat hunting and incident response services.”

The State of Ransomware 2021 survey was conducted by Vanson Bourne, an independent specialist in market research, in January and February 2021. The survey polled 5,400 IT decision makers in mid-sized organisations in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa.

Daily newsletter