The KnowBe4 ( and ITWeb Ransomware Survey took a deep look into the South African organisation, finding that ransomware and cybercrime are increasingly impacting organisations on the continent. While many companies (32%) were attacked in 2021, some multiple times (12%), 64% of organisations believe they are prepared, and 67% would not pay the ransom. According to Anna Collard, SVP Content Strategy&Evangelist at KnowBe4 Africa, the South African market with its growing economy and cyber dependence, is becoming increasingly tasty as a cyber extortion snack.

“It is natural for cybercriminal organisations to look at emerging economies for future attacks, as they are often not as prepared as the rest of the world,” she adds. “Many South African sectors have a high cyber dependence and, as we have seen with recent attacks, such as the Department of Justice (DoJ) and Transnet, successful ransomware attacks have a direct impact on economy and infrastructure. Right now, organisations need to collaborate to increase preparedness.”

This preparedness starts with understanding the landscape and recognising how successful extortion attacks can fundamentally impact the business bottom line, and the public sector’s service delivery. The public sector is concerned about its lack of preparedness – only 30% of the respondents in the public sector believed they were prepared enough – when it comes to cybersecurity training and systems, and this is one sector that cannot afford to lose money to a hack. The recent DoJ hack saw thousands of people affected, many in very dehumanising ways, as systems could not process death certificates, manage child support payments and effectively handle court proceedings. This is just one example of how long the tail of extortion crime can be.

“Ransomware, along with other types of extortion cybercrime, require a systemic response that is designed to prevent and mitigate its impact,” says Collard. “Along with understanding how poor security and training can impact the business or public sector services, it is important to recognise how the process works and how professional these organisations have become.”

Companies held to ransom are sent to “shaming sites” where they are then met with a landing page that has a countdown timer – how long they have to pay– and the amount they need to pay. They can then engage with the criminals to negotiate the ransom, receive payment instructions and get their data returned to them or a promise from the criminals that they will not release the stolen data.

The entire kill chain, from start to finish, follows a number of steps. First, one group is used to undertake the initial attack typically by using social engineering tactics such as phishing or by using insecure Microsoft Remote Desktop (MRDP) connections, password guessing or the exploitation of a software weakness to gain access to the network. Once inside, they move laterally across the environment, exfiltrating and encrypting as much data as possible. To add extra pressure, attacks can also include backup destruction, bribing of internal employees or combining the extortion with the threat of taking down systems via distributed denial of service attacks.  Finally, negotiation for the ransom is handled by the ransomware operator.

“There are at last two parties involved in a typical case – the operators and their affiliate partners,” says Collard. “Once the payment has been verified, the victim is sent the decryption tool and regains access to their data.”

Research by Orange Cyber Defense has found that even though there are some countries and sectors that appear to be the most often attacked, there are victims in every country and sector. The U.S., Canada, France, UK, Germany and Italy are the most often attacked due to victim attractiveness following national GDP. Industries most consistently tracked on leak sites were manufacturing followed by professional scientific services and sectors with a strong reliance on technology.

“It does not matter what sector or country you are in, what matters is how weak your defences are,” concludes Collard. “In South Africa, it is becoming incredibly important for companies to adequately prepare against this growing cyber extortion threat.”

Distributed by APO Group on behalf of KnowBe4.

Send us your press releases to

© Press Release 2021

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.