Should you pay ransom for stolen data?

South Africans have witnessed a number of high profile ransomware cases in recent years. From public utilities to private enterprises, cyber attacks indiscriminately affect South African organisations. Over half of SA businesses were hit by ransomware attacks in 2022. Cyber crime stats suggest a continued rise in criminal activities going forward.

Both SMEs and enterprises need robust ransomware protection to remain secure in today’s threat landscape. Without appropriate security measures in place, organisations run the risk of having to deal with the effects of a ransomware attack - namely whether to pay ransom for stolen data.

Should companies pay ransom to hackers?

It is generally not recommended to pay ransom for stolen data. Cyber security professionals advise against giving in to the demands of hackers. One of the main reasons is that it can encourage cyber criminals to continue their activities and may not result in the safe return of the stolen data - in the same way that the United States does not negotiate with terrorists.

Even if the ransom is paid, there is no guarantee that the attackers will actually return the stolen data or provide the decryption key needed to unlock encrypted information. Even in instances where hackers provide a decryption key, the damage done may be irreversable. It's the hackers goal to get money. Once funds have been received, criminals are not highly motivated to help the organisation recover lost or corrupted data.

Paying ransom funds criminal groups

Paying a ransom can make an organisation a target for future attacks, as attackers may see them as a lucrative entity with a guaranteed payout. By succumbing to ransom demands, organisations give the impression that they are willing to pay and can unwittingly incentivise attackers to continue their illegal activities. This raises some ethical and legal concerns.

Under the Corruption Act, it is illegal for South Africans to pay ransom to anyone in order to secure the release of ships, cargo or people. Apart from violating local laws and regulations, paying ransom can potentially harm the company's reputation. For example, customers may worry about the security of their personal information and take their business elsewhere.

South African organisations refuse to pay ransom

There have been several reported cases of South African companies falling victim to ransomware attacks in recent years. In July 2019, the City of Johannesburg fell victim to a ransomware attack that encrypted its systems and demanded a ransom of four bitcoins (approximately R500 000).

A few months later, the city experienced a second ransomware attack which left many residents without electricity for days. Instead of paying ransom, the city relied on their backup systems to regain control of their digital infrastructure.

The ransomware attack against Transnet in July 2021 also resulted in a disruption of essential services. The state-owned freight and logistics company also refused to pay ransom and were able to restore systems without giving into the demands of the hackers.

Robust ransomware protection

Instead of paying a ransom, it is recommended that organisations focus on preventive measures such as regular data backups, implementing strong cybersecurity measures and training employees on cyber security best practices.

If data is stolen or encrypted, companies should report the incident to law enforcement and seek assistance from cybersecurity experts to recover the data and prevent future incidents. For more information or to get a quote for our cyber security solutions, email us at marketing@seacom.com or leave us a message.

Seacom operates Africa’s most extensive network of information and communications technology (ICT) infrastructure, including multiple subsea cables and secure internet connections tracing both sides of the continent. This is partnered with broad terrestrial fibre networks in Southern and East Africa, extending services to these regions.

Today, Seacom provides holistic ICT solutions covering connectivity, cyber security, cloud, smart networking and communication products that provide African businesses with the necessary building blocks to deliver world-class solutions to their clients. We are privately owned and operated, making us agile and adaptable to the needs of our customers.

For‌ ‌more‌ ‌information‌ ‌on‌ these solutions, ‌follow‌ ‌us‌ ‌on‌ ‌‌LinkedIn‌,‌ ‌‌Facebook‌ ‌or‌ ‌‌Twitter.‌ ‌Keep‌ ‌an‌ ‌eye‌ ‌on‌ ‌our‌ ‌‌news‌ ‌section‌‌ ‌for‌ ‌industry news and announcements on African ICT, internet connectivity, cloud services and security solutions.