
PROJECT: THE RANSOMWARE CRISIS - INSIDE THE SHADOW ECONOMY (PART 1)

  • Jan 12

PLEASE SHARE THIS PUBLIC DOCUMENT

In today’s digital age, ransomware attacks have moved beyond simple computer viruses to become highly organised criminal operations. These attacks can shut down businesses, disrupt essential services, and extort huge sums of money.

This project aims to demystify how ransomware works, how victims respond, and what we can all do to protect ourselves. Awareness is the first step toward building resilience and reducing the power of these criminal networks.

DEFINITION: RANSOMWARE ATTACK

  • A ransomware attack is a form of cybercrime in which malicious software is used to encrypt or lock access to an organisation’s computer systems, servers, or data.

  • Once access is blocked, the attackers demand a ransom, usually payable in cryptocurrency, in exchange for a decryption key or the restoration of systems.

  • In many modern ransomware attacks, criminals also engage in data exfiltration, meaning sensitive information is stolen before encryption.

  • Victims are then threatened with public release of the data if the ransom is not paid.

  • Ransomware attacks can cause severe operational disruption, financial loss, reputational damage, and legal consequences, particularly where personal data is compromised under South Africa’s Protection of Personal Information Act (POPIA).

WELL-KNOWN RANSOMWARE ATTACKS IN SOUTH AFRICA:

1. Transnet (2021):

  • One of the most significant ransomware incidents in South Africa’s history.

  • Transnet’s IT systems were crippled, forcing the shutdown of major container terminals at Durban, Cape Town, Port Elizabeth, and Ngqura.

  • The attack caused widespread disruption to the national supply chain, exports, and imports.

  • It was later confirmed to be a ransomware attack, with massive economic consequences.

2. Department of Justice and Constitutional Development (2021):

  • The department suffered a ransomware attack that shut down electronic systems nationwide, including email services and court-related platforms.

  • This severely impacted court operations, bail processes, and access to legal services, highlighting the vulnerability of critical state infrastructure.

3. City of Johannesburg (2019):

  • The City of Johannesburg was hit by a ransomware attack that disabled billing systems, customer service portals, and internal networks.

  • Residents were unable to access municipal services or receive accurate billing statements.

  • Attackers demanded payment in Bitcoin.

4. Life Healthcare Group (2020):

  • Life Healthcare, one of South Africa’s largest private hospital groups, experienced a ransomware incident that disrupted hospital admissions, patient records, and operational systems.

  • Although emergency services continued, the attack placed immense pressure on healthcare staff and systems during an already strained period.

5. South African Post Office (2022):

  • The Post Office suffered a cyberattack widely reported as ransomware-related, resulting in the theft of employee and customer data and prolonged service disruptions.

  • The incident raised serious POPIA compliance concerns and public trust issues.

KEY TAKEAWAYS:

  • Ransomware attacks affect both public and private sectors, including critical infrastructure, healthcare, logistics, and government departments.

  • South Africa is increasingly targeted due to legacy systems, limited cybersecurity budgets, and human-factor vulnerabilities such as phishing.

  • Victims may face legal obligations under POPIA, including mandatory data breach notifications.

  • Paying a ransom does not guarantee data recovery and may encourage further attacks.

THE PROBLEM: A MODERN-DAY CRIMINAL INDUSTRY

Ransomware is not just a technical glitch; it is a full-blown criminal business. Key challenges include:

  • THE RACE AGAINST TIME:

    • The first hour after an attack is critical.

    • Quick action can limit damage, while delays let criminals steal data and lock down entire systems.

  • THE PAYMENT DILEMMA:

    • Victims face a terrible choice.

    • Pay criminals to possibly regain access to their systems and data, or refuse and risk severe disruption.

    • This choice fuels a billion-dollar illegal industry.

  • ETHICAL AND LEGAL GRAY AREAS:

    • Paying ransoms can fund further crime and may even break laws.

    • Many now believe it is better not to pay, but the pressure to keep running can be overwhelming.

  • EVER-CHANGING CRIMINALS:

    • Hacking groups often change names, rebuild, and adapt.

    • Each time one threat is stopped, another quickly emerges elsewhere.

This project explores how attacks unfold, how victims respond, and why the focus is shifting toward recovery rather than payment.

HOW THE RANSOMWARE SYSTEM WORKS:

  • THE ATTACK STEPS:

    • Break-in → Exploration (looking for valuable data) → Theft (copying data) → Lockdown (encrypting files) → Demand (requesting payment to unlock or delete data).

  • THE DEFENDER'S OPPORTUNITY:

    • During the exploration phase, defenders have a chance to detect and stop the attack before serious harm is done.

  • CRIMINAL "BRANDS":

    • Some ransomware groups actually provide the unlock keys after payment—not out of honesty, but to keep their “business model” credible so future victims will pay.

  • THE ROLE OF INSURANCE: 

    • Many companies have cyber-insurance, which can cover ransom payments.

    • This has created a complex market where experts are often brought in to manage the crisis.

This project highlighted the growing national threat posed by ransomware attacks.

In the next project, SSS will focus on how to limit the damage and recover effectively after such an attack has occurred.

Stay Prepared.

Prioritise Recovery.

Refuse to Fund Crime.


CONTACT MR MIKE BOLHUIS FOR SAFETY AND SECURITY MEASURES, PROTECTION, OR AN INVESTIGATION IF NEEDED.

ALL INFORMATION RECEIVED WILL BE TREATED IN THE STRICTEST CONFIDENTIALITY AND EVERY IDENTITY WILL BE PROTECTED.

Regards,

Mike Bolhuis

Specialist Investigators into

Serious Violent, Serious Economic Crimes & Serious Cybercrimes

PSIRA Reg. 1590364/421949

Mobile: +27 82 447 6116

Fax: 086 585 4924
