Ransomware isn't just a problem for big corporations. In fact, small and medium businesses are the primary targets — precisely because they often lack the security measures that larger organisations have in place.
Why South African SMBs Are Targeted
Cybercriminals know that many local businesses operate with limited IT budgets and minimal security. The average ransom demand for SMBs ranges from R50,000 to R500,000 — and many pay because they don't have backups.
How Ransomware Gets In
Ransomware typically enters through:
- **Phishing emails** — An employee clicks a malicious link or opens an infected attachment
- **Remote desktop vulnerabilities** — Exposed RDP ports are a favourite entry point
- **Unpatched software** — Known vulnerabilities that haven't been updated
- **Drive-by downloads** — Visiting compromised websites
Your Protection Plan
1. Backups Are Your Safety Net
Follow the 3-2-1 rule: three copies of your data, on two different media types, with one copy off-site. And test your backups regularly — a backup you can't restore is worthless.
2. Patch Everything, Every Time
Keep operating systems, applications, and firmware updated. Enable automatic updates where possible. Many ransomware attacks exploit vulnerabilities that had patches available for months.
3. Train Your Staff
Your employees are your first line of defence. Regular security awareness training reduces the risk of a successful phishing attack by up to 70%.
4. Restrict Administrative Access
Only give admin rights to people who absolutely need them. Most ransomware spreads through admin accounts — limit the blast radius.
5. Use Endpoint Protection
Modern endpoint detection and response (EDR) tools can catch ransomware before it executes, even if it's a new variant that traditional antivirus wouldn't detect.
What to Do If You're Hit
- **Disconnect immediately** — Pull the network cable or disconnect from Wi-Fi
- **Don't pay the ransom** — There's no guarantee you'll get your data back
- **Call your IT provider** — They can help contain and recover
- **Report it** — Contact the SAPS cybercrime unit
Worried about ransomware? CT Bedfordview can assess your current security posture and implement protections tailored to your business. Get in touch.