Malicious individuals exploit vulnerabilities, such as weaknesses in software from unpatched systems, to gain access to organisations and navigate through the network undetected in order to perform malicious attacks against organisations. Over the years businesses around the world have succumbed to a variety of ransomware attacks, causing the unavailability of critical business data through encryption. As a result, organisations are unable to provide their services or products which ultimately leads to the deterioration of the business. Last year, it was reported that South Africa had the third highest number of cybercrime victims of any country.1 Worrisomely, adversaries are using ransomware to target South African national critical infrastructures and services which not only threatens public safety, but also the availability of essential services.

The most recent high-profile ransomware attack paralysed the City of Johannesburg Metropolitan Municipality for almost two weeks leading to the disruption of regular operations. In this instance the ransom was not paid but Cyber professionals were hired to assist in the restoration of files and systems in order to resume business-as-usual operations, which cost the Municipality up to R50 million.