How much South African firms pay ransomware gangs

Published: 2024-04-30 14:40 +02:00 by Nkosinathi Ndlovu tag: Information security

The average ransomware payment by South African companies is in the order of R18-million, new research has found.

The average ransomware payment by South African companies is in the order of $950 000 (R18-million), new research by information security firm Sophos has found.

Cybercriminals are becoming increasingly sophisticated in how they execute ransomware attacks as they try to maximise the amount of money they can extort from their victims.

According to John Shier, field chief technology officer at Sophos, a UK-headquartered software and hardware security company, cybercriminals are segmented in their approach to the market, using data to profile their marks and determine who to target and what ransom amount to demand from them.

The average ransom demand in South Africa is $975 675, lower than the global average of $2-million

Shier said the level of this profiling is apparent when analysing the differences in median and average rates for ransoms demanded (and those paid for) between different countries.

The Sophos State of Ransomware 2024 report (PDF) shows that the average ransom demand in South Africa is $975 675, lower than the global average of $2-million. Similarly, the average ransomware payment in South Africa is $958 110, with the global average at $3.96-million. The median amounted demanded locally, however, is $152 000, showing just how wide ranging the amounts asked for are.

“The ransomware landscape offers something for every cybercriminal, regardless of skill. While some groups are focused on multimillion-dollar ransoms, there are others that settle for lower sums by making it up in volume,” said Shier. “There are different groups out there that go after different markets.”

Priced to the market

“Pricing is something that these criminals have worked on a lot. They are pricing their demands at levels that are sensitive to the local environment and they shift their pricing according to the size of the company and the country of the attack,” said Shier.

Cybercriminals are enjoying unprecedented successes in their attacks. Sophos data shows that the global average for ransom payments has increased fivefold, from $400 000 in 2022 to $2-million in 2023.

Among South African companies surveyed, 69% reported having experienced a ransomware attack, with 43% eventually paying the ransom to have their data decrypted.

Read: CIPC hack: customers urged to change passwords

But the costs of recovering from a ransomware attack stretch beyond payment of the ransom itself. There is an opportunity cost associated with downtime, losses to brand value and reputation, and additional IT spend to ensure that a secondary attack does not occur.

The Sophos report shows that South African companies spend an additional $1.04-million to recover from a ransomware attack, over and above the ransom paid. The cost was about $750 000 in 2023, showing that ransomware attacks are getting more expensive.

Sophos’s John Shier

The time it takes to recover from an attack is also increasing. According to the report, South African organisations are getting slower at recovering from attacks, with 41% fully recovered in up to a week, down from 53% in 2023. Some 26% took between one and six months, an increase from 19% last year. Longer downtimes imply additional costs, too.

Many organisations turn to cyber insurance to mitigate the financial risk that comes with a ransomware attack, but it is not a foolproof solution. According to Sophos, cyber insurance providers contributed to the ransom payment in 87% of incidents locally, but they never paid over the full amount. The cost of cyber insurance, on the other hand, is rising sharply, with many organisations questioning if they can even afford it.

“The ransomware insurance industry is relatively young, unlike vehicle or home insurance where actuaries have many decades of data to go on. It is going to take time for the pricing to be accurate because there are too many unknowns for insurance companies to give a proper premium,” said Shier.

Read: Itac withheld news of security breach to avoid ‘panic’

For South Africans, cybersecurity is a growing concern for individuals, businesses and the public sector, which has seen a number of its institutions breached in the first quarter of 2024. The latest on the list of hacked public institutions is the International Trade Administration Commission, which waited three months to alert stakeholders of the breach due to a lack of information surrounding the matter.

“Ransomware remains a major threat to South African organisations of all sizes. While the overall attack rate has dropped over the last year, the impact of an attack on those that fall victim has increased. As adversaries continue to iterate and evolve their attacks, it’s essential that defenders and their cyber defences keep pace,” said Shier. – © 2024 NewsCentral Media

Read next: Microsoft under fire over ‘shambolic’ security practices

Enhanced Investments, Inc.
329 South Oyster Bay Road #2085
Plainview, NY 11803
team@eninvs.com

Important disclosures

Performance results were prepared by Enhanced Investments, and have not been compiled, reviewed or audited by an independent accountant. Performance estimates are subject to future adjustment and revision. Investors should be aware that a loss of investment is possible. Account holdings are for illustrative purposes only and are not investment recommendations. Additional information, including (i) the calculation methodology; and (ii) a list showing the contribution of each holding to the portfolio’s performance during the time period will be provided upon request.
All statements made via social media sites sponsored or maintained by Enhanced Investments and its affiliates are for informational purposes only and do not constitute a comprehensive description of Enhanced Investments' investment advisory services.
Certain investments are not suitable for all investors. Before investing, consider your investment objectives and applicable fees. The rate of return on investments can vary widely over time, especially for long term investments. Investment losses are possible, including the potential loss of all amounts invested. Information provided by Enhanced Investments is for informational and general educational purposes only and is not investment or financial advice.

Nothing on this website should be considered an offer, solicitation of an offer, or advice to buy or sell securities.
Past performance is no guarantee of future results. Any historical returns, expected returns [or probability projections] are hypothetical in nature and may not reflect actual future performance.
All the strategies assume investments in equity invstrumenta only and are more relevant for "agressive investment profile". Eastern European flagship strategy assumes using up to 20% leverage of total portfolio. GlobalCommodities and US Growth strategy currently assume no leverage.
Results for the Enhanced Investments strategies as compared to the performance of Illustrative Benchmarks is for informational purposes only. Our investment program does not mirror that of the Illustrative Benchmarks and the volatility may be materially different from the volatility of Illustrative Benchmarks. Reference or comparison to an Illustrative Benchmark does not imply that strategies of Enhanced Investments will be constructed in the same way as the Illustrative Benchmark or achieve returns, volatility, or other results similar to those of the Illustrative Benchmark. The S&P 500 is an unmanaged market capitalization-weighted index of 500 common stocks chosen for market size, liquidity, and industry group representation to represent U.S. equity performance.
Performance results were prepared by Enhanced Investments, and have not been compiled, reviewed or audited by an independent accountant. Performance estimates are subject to future adjustment and revision. Investors should be aware that a loss of investment is possible. Account holdings are for illustrative purposes only and are not investment recommendations. Additional information, including (i) the calculation methodology; and (ii) a list showing the contribution of each holding to the portfolio’s performance during the time period will be provided upon request.
All statements made via social media sites sponsored or maintained by Enhanced Investments and its affiliates are for informational purposes only and do not constitute a comprehensive description of Enhanced Investments' investment advisory services.
Certain investments are not suitable for all investors. Before investing, consider your investment objectives and applicable fees. The rate of return on investments can vary widely over time, especially for long term investments. Investment losses are possible, including the potential loss of all amounts invested. Information provided by Enhanced Investments is for informational and general educational purposes only and is not investment or financial advice.