The rise of ransomware attacks has become an alarming trend, causing business leaders to grapple with a difficult question: Should they negotiate with ransomware attackers and pay the demanded ransom? This dilemma poses many challenges, and businesses must weigh the potential consequences of their decisions. 

In South Africa the average cost to remediate a ransomware attack in 2021 was R6.4million, with Sophos’ The State of Ransomware in South Africa 2023 report claiming an average bill of R14million. A reported 78% of South African organisations were struck by a ransomware attack, jumping from 51% in 2022.  

No guarantees 

“Many people think that paying the ransom may be the quickest way to regain access to critical data and systems,” says Warren Bonheim, managing director of Zinia, an IT technology group and cybersecurity provider. 


He argues that there is no guarantee that the attackers will honour their end of the bargain and provide decryption keys or release the stolen data even after the ransom is paid – after all they are not bound by any ethical code. Businesses may end up losing money without resolving the issue. 

Breaking the cycle 

Paying ransoms provides financial incentives to cybercriminals, encouraging them to continue their illegal activities. It fuels a vicious cycle in which attackers are emboldened to launch more attacks. 

Some people believe that because stolen data may include sensitive information about customers or employees, paying the ransom can prevent the exposure of this data – mitigating the risk of lawsuits, regulatory fines and reputational damage. 

“However, the real danger of this is that companies may become trapped in a cycle of paying ransoms instead of addressing the root causes of vulnerabilities and not investing in more robust cybersecurity measures,” says Bonheim. 


Managing the risk 

Bonheim shares his top six tips on staying ahead of ransomware attackers: 

  1. Don’t wait to become a victim. Thinking it won’t happen is dangerous because hope is not an effective strategy, especially with the increasing sophistication and business of cybercrime. Strengthening the cybersecurity makes it more difficult for attackers to penetrate system defences.
  2. The weakest link for cybercriminals is people. Employees provide the greatest danger to the business because they may inadvertently let ransomware pass into the company by clicking on links or visiting websites that pose a risk. Security awareness training combined with regular assessments to test employees’ vulnerabilities is critical.
  3. A cybersecurity platform that has round the clock monitoring, built-in automated incident response and artificial intelligence (AI)-led techniques to quickly and automatically block or investigate threats is needed. Smart platforms, such as Sophos, also have data intelligence gathering of incidents from all over the world, where AI analyses and learns from this data for predictive prevention, to stay ahead of cybercriminals.
  4. Beyond automation, strengthen security through a team of human-led threat hunters who actively seek out anomalies, unusual patterns and other indicators of compromise that automated systems may have missed. Their goal is to identify and act against security threats before these can cause significant damage or data breaches within a business.
  5. Recently, there has been an increasing trend where attackers only return half of the stolen data and then demand the same ransom again to release the remainder. To safeguard against such scenarios, it’s crucial for businesses to implement a robust and secure cloud back-up strategy. This ensures the ability to restore data in the event of a ransomware attack, enabling uninterrupted business operations.
  6. Today companies do not have to invest in the latest technology, nor hire the skills to do so. Affordable enterprise-grade solutions are available by using a cybersecurity provider for a month-to-month service. These providers have the most advanced systems in place, which are constantly being updated to adjust to different attack scenarios. 

Getting started 

  • Begin with the basics; ensure that passwords are robust and change them regularly. 
  • Activate 2-factor authentication on social media accounts. Apps like Authy or Google Authenticator add an additional layer of protection.  
  • Install software to manage firewall, email, cloud and mobile security. 
  • Use a cloud security platform to protect your company, like Sophos or Microsoft Azure. 
  • Conduct cyber awareness risk assessments and training with staff. 
  • Appoint a full-service Managed Security Service Provider (MSSP), like Zinia, to assist with identifying, mitigating and proactively defend systems, data, and people. 

Rather than facing the ransomware dilemma in the first place, companies can prioritise prevention and preparedness to strengthen system defences, making it more difficult for criminals to launch an attack. Additionally, by having a proper data back-up plan in place, should an attack transpire, data can be quickly recovered.  

Issue: Ransomware attacks and cybercrime are on the rise. 

Solution: Use these six top tips to manage the risk to your business. 


Written by: Warren Bonheim, managing director of Zinia, an IT technology group and cybersecurity provider. 

Subscribe to our Community👇

Stay Inspired, Stay Educated, Stay Informed

By subscribing you agree to receive our promotional marketing materials. You may unsubscribe at any time.

We keep your data private.