Compiled by Kotie Geldenhuys

As if the protests and looting in KwaZulu-Natal in July 2021 were not enough to paralyse port operations in Durban for more than a week, Transnet, which is responsible for handling the commercial sea route, was also targeted on 22 July 2021 with a strain of ransomware. Transnet is one of many companies and organisations in South Africa that have fallen victim to cyberhackers who use ransomware to steal data in exchange for large sums of money.

A ransomware attack is nothing other than extortion or blackmailing as the people behind these cyberattacks typically demand a ransom in exchange for the data they have stolen. During a ransomware attack, systems become inoperable as malware encrypts files on a device or network (Shapshak, 2021). Unfortunately, it is extremely difficult to prevent ransomware from entering a company’s systems as Jack Garnsey, the Product Manager of Security Awareness Training and SafeSend at VIPRE in the UK, explains. He said that it only takes one employee to click on the wrong link in an e-mail or download a malicious attachment (Garnsey, 2021). According to the security firm Kaspersky, the victims of such an attack have one of three choices after being exposed to it: they can either pay the ransom, try to remove the malware or restart the device (Kaspersky, 2021).

Ransomware attacks are on the increase and tactics have evolved during the years. According to Jack Garnsey from VIPRE in the UK, “these types of attacks can be used in combination with social engineering targeting, such as phishing e-mails, without having to rely on file-based payloads” (Garnsey, 2021). Kaspersky reminds us that South Africa ranks third in the world when it comes to targeted ransomware attacks. From 2019 to 2020, there was a shocking 767% increase in targeted ransomware, while general ransomware attacks decreased by 29%, globally (Shapshak, 2021). The 2020 IBM Security X Force report states that during the peak of the COVID-19 pandemic in 2020, ransomware incidents “exploded” as hackers took advantage of remote workers who are not close to get the assistance of their IT teams. During June 2020, twice as many ransomware attacks happened compared to May 2020 (Weston, 2020). Information published by Cyanre, the Digital Forensic Lab in Centurion, Pretoria reveals that a big problem is cryptocurrencies, such as Bitcoin, as people can receive digital payments without revealing their identity. This makes ransomware attacks safer and more lucrative, which is a dangerous combination (Cyanre, 2021).


[This is only an extract of an article published in Servamus: October 2021. If you are interested in reading the rest of the article, send an email to: This email address is being protected from spambots. You need JavaScript enabled to view it. to find out what you need to do. Other issues that are discussed in this article deal with South African ransomware attacks and types of ransom; how big companies are not the only targets; deciding whether or not to pay the ransom; the damage caused by such an attack; the cost and possible perpetrators of such attacks. We also deal with reporting and the fact that protection and prevention are better than cure.]