South Africa’s Cyber Extortion Crime Situation
The KnowBe4 and ITWeb Ransomware Survey examined South African organizations and found that ransomware and cybercrime are increasingly affecting organizations on the continent.
While many businesses (32%) will be attacked in 2021, some multiple times (12%), 64% believe they are prepared, and 67% will not pay the ransom.
According to Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa, the South African market is becoming an increasingly appealing target for cyber extortion due to its growing economy and reliance on technology.
“It is natural for cybercriminal organizations to look to emerging economies for future attacks, as they are frequently less prepared than the rest of the world,” she adds.
“Many South African sectors rely heavily on cyberspace, and as we’ve seen with recent attacks on the Department of Justice (DoJ) and Transnet, successful ransomware attacks have a direct impact on the economy and infrastructure. Right now, organizations must work together to improve preparedness.”
This preparedness begins with understanding the landscape and recognizing how successful extortion attacks can have a significant impact on the bottom line of businesses and the delivery of public services. When it comes to cybersecurity training and systems, the public sector is concerned about its lack of preparedness – only 30% of respondents in the public sector believed they were adequately prepared – and this is one sector that cannot afford to lose money due to a hack. Thousands of people were affected by the recent DoJ hack, many in very dehumanizing ways, as systems were unable to process death certificates, manage child support payments, or effectively handle court proceedings. This is just one example of how extortion crime can have a long tail.
“Ransomware, along with other types of extortion cybercrime, requires a systemic response that is designed to prevent and mitigate its impact,” says Collard. “Along with understanding how poor security and training can impact the business or public sector services, it is important to recognise how the process works and how professional these organisations have become.”
Companies held hostage are directed to “shaming sites,” where they are met with a landing page that includes a countdown timer – how much time they have to pay – and the amount they must pay.
They can then negotiate the ransom, receive payment instructions, and have their data returned to them, or they can get a promise from the criminals that they will not release the stolen data.
The entire kill chain, from beginning to end, comprises several steps. First, one group launches the initial attack, which typically involves social engineering techniques such as phishing, insecure Microsoft Remote Desktop Protocol (RDP) connections, password guessing, or the exploitation of a software flaw to gain network access.
Once inside, the attackers move laterally across the environment, exfiltrating and encrypting as much data as possible. Attacks can also include backup destruction, bribing internal employees, or combining extortion with the threat of bringing down systems via distributed denial-of-service attacks to add additional pressure. Finally, the ransomware operator handles the ransom negotiation.
“In a typical case, there are at least two parties involved – the operators and their affiliate partners,” Collard says. “After the payment is verified, the victim receives the decryption tool and regains access to their data.”
According to Orange Cyberdefense research, even though some countries and sectors appear to be the most frequently attacked, there are victims in every country and sector.
Following national GDP, the most frequently attacked countries are the United States, Canada, France, the United Kingdom, Germany, and Italy. Manufacturing was the industry most consistently tracked on leak sites, followed by professional scientific services and sectors heavily reliant on technology.
“It doesn’t matter what industry or country you’re in; what matters is how weak your defenses are,” Collard concludes. “It is becoming increasingly important for businesses in South Africa to adequately prepare against this growing cyber extortion threat.”