Your data is being held hostage

Your data is being held hostage by cyber criminals – what now?

It’s any company’s worst nightmare – an employee in the organisation unknowingly downloads an email attachment containing malware, and within minutes your system has been hijacked and all your data encrypted. To make matters worse, the perpetrators are demanding a ransom payment in cryptocurrency in return for a decryption key.

According to the CyberSecurity Ventures 2022 Ransomware Market Report, ransomware gangs are refining and intensifying their attacks and it is predicted that ransomware will cost its victims around $265 billion (USD) a year by 2031.

When it comes to South Africa, data from Kaspersky reveals that more than 12 000 ransomware attacks were experienced in the country in the first half of 2021, costing an average R6.4 million to remediate. This makes us the second most targeted country in Africa, according to an Interpol report.

Despite the increasing prevalence – and sophistication – of ransomware attacks, many companies fail to report that they have fallen prey to a security breach because they fear their reputation will be damaged. Instead, they quietly pay and move on, while improving their security measures after the fact.

Roy Evans, IT manager at CRS Technologies, says giving in to the hackers’ demands merely serves to encourage them to continue their criminal activities.

“Cyber criminals are cunning. Generally, the ransom amount they demand is high enough to be worth their while, but also low enough so that for the victim, it’s cheaper than the cost of restoring the system and reconstructing data. The attackers also offer discounts if victims pay quickly.

“Unfortunately, however, paying the ransom does not guarantee the provision of a working decryption key, or that the data won’t be damaged if it is recovered.”

CRS has assisted several of its clients when they’ve faced ransom demands aimed at their supply chain, customer files or system.

“Should your company become the victim of a cyber-attack, the first step is to isolate infected systems, says Evans. “Disconnect all infected devices from the network and wired/wireless connections to prevent the ransomware from spreading further. Then reset the credentials of all systems on a clean network and devices and begin the recovery process.

“It’s important to conduct a thorough investigation to determine the origin of the attack. This can help to address vulnerabilities in your system.

“Finally, a ransomware attack is a crime and should be treated as such. It’s imperative that you report it to the relevant authorities.”

Evans points to various preventative measures that can be implemented to protect your business against ransomware attacks.

“Start by installing reliable antimalware, antivirus software and firewalls. These solutions are your first-line defence against cyber threats. They work by scanning data before it enters the network, and blocking anything suspicious that is detected.

“Another best practice is to have multiple backups stored in different places and on different media, such as external drives and cloud servers. Additionally, make sure these backups are tested regularly.

“Ransomware is specifically designed to exploit system vulnerabilities and legacy features. Use a patch management solution to ensure that your servers, operating systems, web browsers and all other software are kept up to date.”

Be proactive

It goes without saying that a proactive approach is the best way to limit the impact of a ransomware attack before it happens. Evans advocates the following:

  • Network segmentation: Connecting all your devices to one server gives cybercriminals unlimited access to your system in the event of a successful cyber-attack. Segmenting the network into smaller sub-systems helps to limit the spread of ransomware.
  • Email protection: Emails are one of the most common causes of ransomware infections. Don’t open emails from unknown senders and never download attachments or click on any links they may include.
  • Password policies: Ensure user passwords are strong (minimum ten characters in upper and lower case, with numbers and special characters) and reset them at least once a month.
  • Privileges and permissions: Practise the “least privilege” principle. Limit user access and permissions to only the data and systems on which they need to work.
  • Assessments and testing: Ransomware is constantly evolving. Security policies and environments must be regularly evaluated and tested for preparedness and risk.
  • Education: End-users and employees are the most common gateway for cyber-attacks. Consequently, security awareness training is crucial.

“Cybercrime is here to stay,” Evans concludes, “which is why companies should prioritise the formulation of a comprehensive cyber-attack defence strategy. Without one, they risk losing not only their data, but the business itself. Waiting until an attack occurs before taking action is too late.”

You are welcome to contact CRS on +27 11 259 4700 or info@crs.co.za for any assistance or if you require more information.

Share the Post:

More News and Insights

Scroll to Top

Book your CRS solutions demo or consultation


By submitting this form, you agree to our terms and conditions

Software products

Simplify payroll and HR management with our comprehensive solution suite.

HR software

Reshape the employer-employee dynamic.

Payroll software

Enhance accuracy and efficiency.

Performance management software

Nurture employee development.

Integration & Security

Connect with leading ERP platforms.

Global footprint

We’re active in 35 countries.

Our services

Grow your business while we take care of your human capital.

HR outsourcing

Transform HR into a strategic asset.

Payroll outsourcing

Simplify your payroll operations.

EOR & PEO

Expand your global reach.

Support channels

We keep your payroll and HR infrastructure running smoothly.

Service desk & FAQ

Round-the-clock expert support paired with essential payroll and HR information.

HIPE4 Agreement

Global payroll and HR excellence defined.

Download resources

Leverage expert insights that steer your strategic decision-making.

Downloads

Essential resources to improve your business practices.

News & Insights

Comprehensive coverage of key payroll and HR issues.

Company overview

CRS has been pioneering payroll and HR solutions for global organisations for over 40 years.

About us

Our custom payroll and HR solutions benefit employers and employees in more than 35 countries.

Work with us

Experience an environment where creativity, collaboration and empowerment thrive.