RSAWEB victim of cyberattack as wave of ransomware attempts hits SA in past week

Just during the last week, there were about 300 cases of ransomware attempts in South Africa detected by Kaspersky.

• Internet service provider RSAWEB was hit by “a highly sophisticated cyberattack”, it confirmed on Sunday evening.
• At this stage, RSAWEB does not believe any customer or employee data was accessed or misused due to the attack.
• Just during the last week, there were about 300 cases of ransomware attempts in South Africa detected by global cybersecurity company Kaspersky.
• For more financial news, go to the News24 Business front page.

Internet service provider RSAWEB was hit by “a highly sophisticated cyberattack” last week, CEO Rudy van Staden informed customers in an email update on Sunday evening.

He explains that, in the early hours of Wednesday, 1 February 2023, RSAWEB discovered the cyberattack and took steps immediately to contain the threat and secure its systems. 

“We were unfortunately targeted by an extremely capable and devious threat actor. This attack is part of a campaign that has victimised many other businesses in South Africa and globally,” says Van Staden.

“Our teams have been working tirelessly to restore services to all our customers and to determine the cause of this malicious attack,” states Van Staden.

At this stage, RSAWEB does not believe that any customer or employee data was accessed or misused due to the malicious attack. 

“The relevant authorities have been informed, and we have also engaged independent professional cybersecurity advisors,” says Van Staden. “We will continue taking all reasonable steps to protect our customers and employees from future cyber threats.”

The company restored Fibre to the Home (FTTH) and Fibre to the Business (FTTB) services within 24 hours for the vast majority of customers. 

“To date, services have been restored to all our Fibre to the Home, Fibre to the Business, VoIP, ADSL, and Mobile APN customers affected by this malicious attack,” according to Van Staden’s letter.

Ransomware attempts

Just during the past week, there were about 300 cases of ransomware attempts in South Africa detected by global cybersecurity company Kaspersky, Brandon Muller, its technology expert and consultant for the Middle East and Africa told News24 on Monday.

“Ransomware remains one of the main threats towards information security in Africa and globally. One of the most notable cases of ransomware during the past year is the attack on Shoprite, the largest retail chain in Africa. Other examples include attacks by the LockBit group in sub-Saharan Africa,” says Muller.

Kaspersky sees a distinctive trend in the development of ransomware towards getting more sophisticated and targeted, exposing victims to more threats. 

“In recent years, ransomware groups have come a long way from being scattered gangs to businesses with distinctive traits of a fully-fledged industry. We are seeing more and more cases where ransomware attacks are performed manually, in a time-consuming yet efficient manner that was not typical for small-scale attackers previously,” says Muller. 

In 2022 Kaspersky contributed to Interpol’s Africa Cyber Surge Operation (Acso) by sharing information on ransomware command and control servers. 

“This evidence provided the grounds for a series of operational and investigative activities against the threat actors behind the cybercrimes and their malicious infrastructure,” says Muller.

“The reality is that any company with an online presence, regardless of size or industry, is at risk and should therefore prioritise and formalise their approach to risk management,” says  Sizwe Cakwebe, manager of cyber risk at risk specialist SHA, a division of Santam.

The 2022 SHA Risk Review indicates that one in three SME respondents suffered a cyber-attack, with the most common cause being malware (30%). This is despite over 60% of SMEs believing that they were not viable targets for cybercriminals.