Cybersecurity News South Africa

Ransomware attacks in SA becoming increasingly targeted

Kaspersky dubbed 2019 'The year of ransomware attacks on municipalities'. This followed research which showed that hundreds of municipal institutions across the globe were targeted by ransomware during the last year - where South Africa was not immune.

While attacks on municipalities continue and remain a worry, ransomware is also being used for targeting other public entities - and is becoming more targeted and the pattern of enticing forced payment is developing in 2020.

Speaking on the company’s research during a recent Kaspersky Partner conference held in Cape Town, Maher Yamout, senior security researcher for the Global Research and Analysis Team at Kaspersky, said: “Municipalities remain a target for ransomware attacks, evident by the 60% increase we saw in these attacks globally from the 2018 figure.”

Maher Yamout, senior security researcher for the Global Research and Analysis Team at Kaspersky
Maher Yamout, senior security researcher for the Global Research and Analysis Team at Kaspersky

“However, 2020 has already marked the trend where other public/community entities, even low-funded public non-profitable organisations (NPOs) that were not targeted that actively before, such as libraries or religious centres, are also falling victim to this type of attack.”

“This trend is also leading to a complete and full de-romanticising of hacking, as the image many people once held of hackers as ‘political warriors’ is rapidly changing as more people come to understand and accept that unethical hacking is a preserve of criminals,” adds Yamout.

Kaspersky notes that the most distinctive trend is that ransomware is becoming increasingly more targeted. While 2019 saw ransomware exploits being highly targeted against specific businesses, as well as local government organisations, attackers are now spending more and more time on intelligence gathering to penetrate targets’ security perimeters.

Researchers who gathered at the conference also noted that they see more and more cases where attacks are performed manually, in a time-consuming, yet efficient manner that was not very typical for small-scale attackers previously.

Further to this, Kaspersky research has highlighted that ransomware continues to look for new angles and leverages to force victims to pay.

“The pattern we are seeing actively developing in 2020 is that instead of making files unrecoverable, threat actors threaten to publish data that they have stolen from the victim company. We already see threat actors creating websites dedicated specifically for publishing gigabytes of stolen corporate data,” says Yamout.

In 2019, Kaspersky detected more than 120,000 ransomware attacks in South Africa. The figure, to date, for 2020 is only 4,000, in two months into the year. However, the researchers note that this decrease is a sign of the attackers focusing on quality instead of quantity.

The largest share (20%) of these attacks were performed with ransomware previously seen among the top-3 malware that encrypted cities in 2019 and which are now responsible for the largest share of ransomware attacks targeting South Africa.

Ransomware attacks in SA becoming increasingly targeted

Commenting on the ransomware issues in the region, Eugene Kaspersky, CEO of Kaspersky, said: “The nature of the threat landscape leads to a ‘survival of the fittest’ scenario, with ransomware writers and distributors adjusting and updating their arsenals constantly.”

“However, one thing remains stable: the companies that keep cyber-protection as a top priority and that have dedicated professionals to monitor the situation are not subject to the vast majority of attacks and may be quite close to being almost immune.”

“Even for smaller organisations, with no security departments, there needs to be a good basic level of security to ensure that they are protected. This means arming oneself with quality security solutions and keeping them up to date; only this will make the cost of a cyberattack far outweigh any benefit to the attacker.”

Let's do Biz