You’re safe from ransomware – if you have R6.4bn lying around

Ransomware attacks have massively increased since the start of lockdown. Here’s what you need to know to protect your company.

When hackers targeted Transnet’s computer systems in late July this year, logistics at major ports ground to a near-halt for the second time in a month (following the protests and looting) as the company was forced to switch to manual cargo processing. “The IT industry has seen a massive increase in ransomware attacks since the start of lockdown, when companies’ digital footprints increased as remote work became the norm,” says Marilyn Moodley, Country Leader for South Africa and WECA (West, East, Central Africa) at SoftwareONE. Problematically, many organisations unfortunately only realise too late that ransomware protection is a business issue and not an IT issue.”

Marilyn Moodley
Rosebank, Johannesburg.
South Africa
22 April 2021
Photograph: John Hogg

This past year, JBS SA, PPS and Life Health Care group’s hospitals were just some of the companies that made headlines after similar attacks – at massive cost not only from a financial perspective, but also in terms of downtime and job losses. Sophos’ State of Ransomware 2021 global report showed that the average cost of remediating a ransomware attack in South Africa is R6.4bn.

In the first 100 days of the lockdown alone, Mimecast researchers detected huge increases in spam attacks (up 46%), impersonation attacks (up 75%) and malware, which spiked by 385%. Nearly half (45%) of the South African respondents said ransomware attacks had impacted their organisation. “And not only large corporates are at risk – but attackers also see SMBs as an ideal target because they are unlikely to have sophisticated defences,” says Moodley.

How it works

Ransomware is a type of malware that infects a computer or device and attempts to force a victim to pay a ransom to regain access to files – or to prevent sensitive information from being leaked.

In most cases, the malware is installed on a system after a user clicks on a link or downloads an attachment. “By now, most users know not to click on the link in an email congratulating them on a massive inheritance from some unknown uncle – which would likely lead to a system infection. But the attacks are more sophisticated than ever. Now, an email could seemingly come from your boss sending you an employee appreciation gift card or could feature a dangerous attachment posing as an invoice from a client. Just clicking on a link, without installing anything, can download a ransomware code,” says Moodley. Despite 99% of South African respondents in the study having received IT security awareness training, half still admitted to opening emails they considered suspicious.

Protecting your business

“Today, the question isn’t if you will get hit by a ransomware attack, but when,” says Moodley. She offers these essential tips to protect your business:

  • Awareness is key. The  stats show that since the onset of the pandemic, employees worldwide have been clicking on malicious URLs embedded in emails three times as often as before. Training employees is an essential step in preventing ransomware attacks.
  • Antivirus is non-negotiable. Newer software using AI can predict new malware signatures and should be installed on all endpoints, including servers.
  • Run regular tests. Malicious code generally needs to engage in a pattern of behaviour as part of a ransomware attack, so it’s important that companies test for these attack patterns and ensure their security controls’ effectiveness.
  • Plan for the worst. Specialised cybersecurity insurance, or at least insured protection against business downtime due to cyber attacks, should form part of your bottom line.
  • Back it all up. “The attack on Transnet highlighted the importance of having a backup solution in place. In the wake of a ransomware attack, the immediate priorities for most organisations are to uncover the cause, communicate with leadership and customers, and restore corrupted files. But most organisations simply don’t have the manpower to conduct all three. That’s why a service like SoftwareONE’s BackupSimple powered by Metallic is so beneficial. We conduct the restore so customers can focus on the rest. Our new partnership with Commvault also means our cloud-based managed service offering gives businesses, big and small, the confidence they need to know they’re protected,” says Moodley.

About SoftwareONE

SoftwareONE is a leading global provider of end-to-end software and cloud technology solutions, headquartered in Switzerland. With capabilities across the entire value chain, it helps companies design and implement their technology strategy, buy the right software and cloud solutions at the right price, and manage and optimize their software estate. Its offerings are connected by PyraCloud, SoftwareONE’s proprietary digital platform, that provides customers with data-driven, actionable intelligence. With around 5,800 employees and sales and service delivery capabilities in 90 countries, SoftwareONE provides around 65,000 business customers with software and cloud solutions from over 7,500 publishers. SoftwareONE’s shares (SWON) are listed on SIX Swiss Exchange. For more information, please visit