Ransomware now a profitable industry targeting SA
New research shows that ransomware is making money for criminals and costing South African organisations millions. This emerged during a ransomware webinar hosted by KnowBe4 and ITWeb last week.
Anna Collard, SVP of content strategy & evangelist, KnowBe4 Africa, said: “Ransomware is a massive issue for society as a whole, and can have a real impact on our economy. Cyber crime is profitable and easy, so it is not surprising that the volume of attacks is growing.”
The first KnowBe4 / ITWeb Ransomware Survey conducted in September this year found that 32% of respondents had fallen victim to ransomware, with 48% of those experiencing a significant or very significant impact on their business operations as a result. 19% of respondents said they might pay a ransom in the event of an attack, and 5% said they would pay.
“Five percent is higher than some direct marketing success rates, so this shows that it really is a profitable operation to be involved in,” said Collard.
Nearly one in four (24%) of those who had been attacked said they had incurred over R1 million in damages and costs as a result.
The study also found that the top root causes of ransomware gaining a foothold in these environments were social engineering (27%), unpatched software (16%), misconfiguration (11%) and password issues (8%).
“This mirrors other reports, which have also found that social engineering, unpatched software and password or credential theft are the top attack vectors,” Collard said.
Charl van der Walt, head of security research at Orange Cyberdefense, said: “Cyber crime is a massively profitable industry, where some players are taking out hundreds of millions of dollars – consequence free. In addition to this, a general accumulated failure to take the necessary measures to mitigate risk, and law enforcement’s inability to prosecute, mean the problem just keeps snowballing. It’s a perfect storm.”
Noting that ransomware had become prolific around the world, van der Walt explained: “It starts with initial intrusion through relatively common and unsophisticated methods. This initial access is often sold to another group who use well-known techniques to move laterally through your environment and exfiltrate data, and then trigger encryption. Then the ransom negotiations begin.” A ransomware attack typically ends with leaked data and public shaming, and significant costs to the victim, he said.
The ransomware ecosystem runs like a business, he said, with CEOs, incentives, partners or affiliates, and even specialisations.
“We have now just over 3 000 recorded leaks we have observed and documented first-hand. Attacks tend to track GDP, but basically every country falls victim. We observe two or three industries falling victim most – including manufacturing, professional, scientific and technical services, as well as retail and wholesale.”
Van der Walt said there was little evidence that threat actors target specific industries; rather, attacks appeared to be opportunistic and more evident among businesses with an inadequate security posture. Because multiple types of extortion are now being carried out, he said, the term ransomware should be replaced with Cy-X, or cyber extortion, which describes the security of a corporate digital asset being compromised and exploited.