By Ian Thomas on January 27, 2022

The State of Ransomware Attacks in Africa

Ransomware attacks continue to be a problem for companies around the world. As these attacks surge, many high-profile incidents have made headlines across Africa. This article highlights some of the major ransomware attacks in this part of the world along with actionable ransomware prevention strategies.

Numerous organizations, Nigeria: January 2022

Earlier this month, the Nigerian Communications Commission published a notification warning of a new type of ransomware attack targeting the networks of companies and other organizations called “BadUSB”.  According to the Nigerian Computer Emergency Response Team (ngCERT), criminals had been mailing out USB thumb drives infected with malware to a wide array of companies in the hopes that an employee would plug the thumb drive into their work computers.  Once plugged in, the thumb drives reportedly deployed multiple ransomware strains, including BlackBatter and REvil.


Department of Justice, South Africa: September 2021

On September 6, 2021, officials at the department became aware that they were the victims of a ransomware attack.  All online services, including email and the department’s website, became inoperable.  The department immediately activated its contingency plan, which prevented the ransomware from spreading to other parts of the government.  Media reports indicated that no ransom was ever paid to the attackers.


Transnet, South Africa:  July 2021

Two months before the Department of Justice attack, criminals targeted the Port of Durban in South Africa. Most of the copper and cobalt mined in Zambia and the Democratic Republic of Congo is shipped via the Port of Durban.  Transnet, who manages the port, reported that their network had been infected with a ransomware strain named “Death Kitty.” The attack caused serious disruptions to Transnet’s internal IT systems and applications, which forced operations to shift to a paper-based clearance process for all cargo transiting the port. Durban was restored to full operations eight days after the attack.  It is not known if Transnet paid a ransom. 


City Power, South Africa: July 2019

City Power, a major supplier of electricity to the city of Johannesburg, reported in July 2019 that it had been hit by a massive ransomware attack that resulted in them having to turn off all their IT systems. A large number of pre-pay customers were unable to make any electricity purchases, resulting in their power being cut off.



Africa will no doubt remain a prime target for ransomware attacks over the coming months and years. Hardening cybersecurity defenses, raising cybersecurity awareness, and implementing appropriate preventative measures can help your organization avoid the worst impacts of increasingly sophisticated ransomware attacks.


To learn more about IRONSCALES’ award-winning anti-phishing solution, please sign up for a demo today at

Published by Ian Thomas January 27, 2022

Join thousands of your peers! Subscribe to our blog.

Ironscales needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Privacy Policy.