Ransomware Is Targeting South African Businesses
South Africa has seen a dramatic increase in ransomware attacks over the past two years. From small accounting firms to manufacturing companies, attackers are not discriminating — if you have data and can pay, you're a target. The average ransom demand in South Africa now exceeds R500,000, and recovery costs often double that amount.
The good news? Most ransomware attacks are preventable with basic security hygiene. Here's your checklist.
The 10-Step Ransomware Protection Checklist
1. Keep Everything Updated
Apply security patches to operating systems, applications, and firmware within 48 hours of release. Attackers exploit known vulnerabilities that already have patches available. Automate updates where possible.
2. Deploy Endpoint Protection
Use next-generation antivirus (NGAV) or endpoint detection and response (EDR) — not just traditional signature-based antivirus. Modern solutions detect ransomware behaviour even if the malware itself hasn't been seen before.
3. Implement Email Security
Over 90% of ransomware arrives via email. Implement:
- Advanced spam filtering with attachment scanning
- SPF, DKIM, and DMARC to prevent email spoofing
- Link protection that rewrites and scans URLs in real time
4. Back Up — And Test Your Backups
Follow the 3‑2‑1 rule: three copies of your data, on two different media types, with one copy off‑site (or in the cloud). Crucially: test your restores. A backup you haven't tested isn't a backup — it's a hope.
5. Segment Your Network
Don't put everything on one flat network. Separate servers, workstations, guest Wi‑Fi, and IoT devices into different VLANs. If ransomware hits one segment, it can't spread to everything.
6. Enforce Least Privilege
Users should have only the access they need to do their job. No local admin rights on workstations. No "everyone" shares on file servers. If a user account is compromised, the damage is contained.
7. Enable Multi-Factor Authentication (MFA)
MFA on email, remote access (VPN/RDP), and cloud services blocks credential-based attacks. This is the single most effective control against account takeover.
8. Disable Macros and Scripts
Block macros in Office documents from the internet. Disable PowerShell and Windows Script Host for standard users. These are the most common infection vectors.
9. Conduct Security Awareness Training
Your staff are your last line of defence — but only if they're trained. Regular phishing simulations and security training reduce click rates on malicious emails by over 60%.
10. Have an Incident Response Plan
If ransomware hits, you don't want to be figuring out what to do in the moment. Have a written plan covering: who to call, how to isolate infected systems, how to restore from backup, and whether to involve law enforcement or a breach coach.
What If You're Already Infected?
- Disconnect immediately — unplug the network cable, disable Wi‑Fi, but don't power off (forensic evidence may be in memory)
- Call a professional — CT Bedfordview provides incident response and can guide you through containment and recovery
- Don't pay the ransom — there's no guarantee you'll get your data back, and payment funds further attacks
Need help securing your business? Contact CT Bedfordview for a cybersecurity assessment.