Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      Blue Label Telecoms to change its name as restructuring gathers pace

      11 July 2025

      Get your ID delivered like pizza – home affairs’ latest digital shake-up

      11 July 2025

      EFF vows to stop Starlink from launching in South Africa

      11 July 2025

      Apple plans product blitz to reignite growth

      11 July 2025

      Nissan doubles down on South Africa despite plant uncertainty

      11 July 2025
    • World

      Grok 4 arrives with bold claims and fresh controversy

      10 July 2025

      Bitcoin pushes higher into record territory

      10 July 2025

      Cupertino vs Brussels: Apple challenges Big Tech crackdown

      7 July 2025

      Grammarly acquires e-mail start-up Superhuman

      1 July 2025

      Apple considers ditching its own AI in Siri overhaul

      1 July 2025
    • In-depth

      Siemens is battling Big Tech for AI supremacy in factories

      24 June 2025

      The algorithm will sing now: why musicians should be worried about AI

      20 June 2025

      Meta bets $72-billion on AI – and investors love it

      17 June 2025

      MultiChoice may unbundle SuperSport from DStv

      12 June 2025

      Grok promised bias-free chat. Then came the edits

      2 June 2025
    • TCS

      TCS+ | MVNX on the opportunities in South Africa’s booming MVNO market

      11 July 2025

      TCS | Connecting Saffas – Renier Lombard on The Lekker Network

      7 July 2025

      TechCentral Nexus S0E4: Takealot’s big Post Office jobs plan

      4 July 2025

      TCS | Tech, townships and tenacity: Spar’s plan to win with Spar2U

      3 July 2025

      TCS+ | First Distribution on the latest and greatest cloud technologies

      27 June 2025
    • Opinion

      In defence of equity alternatives for BEE

      30 June 2025

      E-commerce in ICT distribution: enabler or disruptor?

      30 June 2025

      South Africa pioneered drone laws a decade ago – now it must catch up

      17 June 2025

      AI and the future of ICT distribution

      16 June 2025

      Singapore soared – why can’t we? Lessons South Africa refuses to learn

      13 June 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CambriLearn
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Information security » Ransomware attacks: how South African companies should respond

    Ransomware attacks: how South African companies should respond

    Cybersecurity has taken centre stage in South African business, and it’s no surprise given the prevalence of ransomware attacks.
    By Karl Blom and Laone Setshedi6 November 2023
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    Cybersecurity has taken centre stage in South African commerce, and it’s no surprise given the prevalence of ransomware attacks.

    South African law sets out specific obligations to address these risks if they arise.

    The Protection of Personal Information Act (Popia) imposes specific obligations on businesses to maintain the integrity and confidentiality of the information that they process. This includes taking technical and organisational measures to prevent unlawful access to information in their possession or under their control.

    These steps include:

    • Identifying internal and external risks to their information;
    • Implementing appropriate safeguards to address these risks (and continually updating these safeguards as new risks arise); and
    • Implementing generally accepted information security practices as well as security practices that are specific to their industry.

    As bad actors continue to update their techniques (and ransomware becomes more advanced), businesses are similarly required to update their safeguards to address these new risks. These practices may differ depending on whether a business is, for example, part of the telecommunications, insurance or financial services industry.

    The legal status of ransomware attacks

    When a business is the victim of a ransomware attack, the attackers typically:

    • Gain access to the systems of the business;
    • Extract data from the business;
    • Upload malicious code to the business’s servers that encrypts its data and prevents the business from accessing the data; and
    • Issue a ransom note to the business, requiring the payment of a fee (typically in bitcoin) to enable the business to recover its encrypted data.

    A typical ransomware attack constitutes cyber extortion and fraud, and is considered an “aggravated offence” if the ransomware targets a “restricted system” (this includes the systems of financial institutions). The South African courts have, however, yet to convict a cybercriminal under the Cybercrimes Act of 2013 for committing a ransomware attack.

    Obligations after a ransomware attack

    A victim of a ransomware attack is placed in a very difficult position. On one hand, businesses are mandated by Popia to protect data subjects, preventing any inadvertent disclosure of their sensitive information. On the other hand, the attackers wield a potent threat, vowing to either publish or irrevocably erase the data unless the ransom is paid.

    Businesses will typically be required to make several notifications arising from a ransomware attack, including notifications to:

    • Data subjects (whose information was unlawfully accessed);
    • The Information Regulator;
    • The South African Police Service, which might be needed under the Cybercrimes Act, depending on the business’s sector or their insurance policies; and
    • Any third parties on whose behalf the business processes personal information; and/or its insurers.

    If a business wishes to pay the ransom (or negotiate with the attackers), it must ensure that it does not inadvertently contravene any applicable laws when doing so. These include:

    • The Cybercrimes Act, which makes it illegal to aid, abet, induce, incite, instigate, instruct, command or procure another person to commit an offence such as cyber extortion; and
    • The Prevention and Combatting of Corrupt Activities Act (Precca), which requires a person with knowledge of the commission of the offences of theft, fraud or extortion to report the matter to the police when the offence involves an amount of R100 000 or more.
    The authors, Karl Blom and Laone Setshedi

    Following notification to the police, it is important to note that they may (in terms of the Cybercrimes Act) require a business to preserve all information which may assist them in their investigation of the ransomware attack, and potentially to provide police officials and investigators with reasonable technical and other support that they may need to conduct their investigation.

    Other important considerations

    When responding to a ransomware attack, it is often prudent to brief (through your attorneys if required) a number of experts, who may include:

    • Forensic investigators (to determine how the incident occurred and prevent future incidents); and
    • PR experts (to assist the business in managing any damage to the business’s reputation).

    It is also important to ensure that, where a business holds insurance for losses arising from ransomware attacks, there is strict compliance with the terms of the insurance policy (which may regulate, for example, whether a business can make payment of a ransom).

    The prevalence of ransomware attacks and other forms of cybercrime is an ongoing concern that businesses must contend with. Taking reasonable proactive measures against these attacks is vital to ensure that these incidents do not become an existential threat to your business.

    • The authors are Karl Blom, partner, and Laone Setshedi, candidate attorney, both at Webber Wentzel

    Get breaking news alerts from TechCentral on WhatsApp



    Karl Blom Laone Setshedi Ransomware Webber Wentzel
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleMassmart taps parent Walmart for new e-commerce chief
    Next Article New load shedding blocks for Joburg – here’s how you are affected

    Related Posts

    Hackers tighten grip as ransomware epidemic hits South Africa hard

    1 July 2025

    Essential insights for businesses on emerging cyberthreats

    24 June 2024

    Unpacking CompCom’s new ‘public interest’ merger rules

    27 March 2024
    Company News

    $125-trillion traded: Binance redefines global finance in just eight years

    11 July 2025

    NEC XON welcomes HPE acquisition of Juniper Networks

    11 July 2025

    LTE Cat 1 vs Cat 1 bis – what’s the difference?

    11 July 2025
    Opinion

    In defence of equity alternatives for BEE

    30 June 2025

    E-commerce in ICT distribution: enabler or disruptor?

    30 June 2025

    South Africa pioneered drone laws a decade ago – now it must catch up

    17 June 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.