PROJECT: LIMITING THE DAMAGE OF A RANSOMWARE ATTACK (PART 2)
- Isabel Spies
- 5 days ago
- 5 min read
PLEASE SHARE THIS PUBLIC DOCUMENT
South Africa is facing an alarming rise in ransomware attacks.
Cybercriminals are continuously adapting their tactics, staying one step ahead of organisations and individuals.
These attacks can cripple systems, steal sensitive data, and demand hefty ransoms,
leaving victims exposed to severe financial and operational losses.
Specialised Security Services (SSS) urges all South Africans to remain vigilant, strengthen cybersecurity measures,
and report suspicious activity immediately.
Proactive prevention, timely response, and awareness are key to stopping cybercriminals before they strike.
Read our initial project for more context:
MOST RECENT NEWS ARTICLES:
INSIDE THE RESPONSE: CONTAINING THE DAMAGE
When a major attack happens, a specialised response team acts:
IMMEDIATE CONTAINMENT (FIRST HOUR)
The goal is to isolate the attack, cut off the criminals’ access, and prevent further spread.
ASSESSMENT (FIRST DAY):
Experts work closely with the organisation’s leaders to assess damage, guide decisions, and provide a clear path forward.
THE BIG QUESTION:
Response teams urge clients to ask: “Why should we pay?”
They remind leaders they are dealing with professional criminals, not amateur hackers.
NEGOTIATION INSIGHTS:
Firms keep records on different hacker groups—how they operate, whether they keep promises, and how they negotiate—to help inform the response.
CHANGING ATTITUDES TOWARD PAYING RANSOMS:
There is a strong shift away from paying ransoms, for both ethical and practical reasons:
MOVING TOWARD "NO PAYMENT":
Many experts now advise against paying whenever possible.
This starves criminals of funds and avoids legal risks.
FOCUS ON RECOVERY:
Instead of paying, the emphasis is now on restoring systems from backups and rebuilding—even if it takes longer.
Getting back online is the top priority.
THE LIMITS OF SANCTIONS:
While authorities try to track and sanction hacker groups, they often re-form under new names.
This makes it hard to know who you’re really paying—and whether you might unintentionally fund hostile groups.
THE GROWING ROLE OF COLLABORATION:
Governments and businesses are working together more closely than ever:
SHARING INFORMATION EARLY:
Agencies like the UK’s National Cyber Security Centre now proactively warn potential targets and help companies share threat information during widespread attacks.
South Africa has cybersecurity authorities and structures, but they are not exactly equivalent to the UK’s National Cyber Security Centre (NCSC), which is a single, centralised body for national cybersecurity.
NATIONAL CYBERSECURITY HUB (NCH) – UNDER THE STATE SECURITY AGENCY (SSA)
Part of South Africa’s State Security Agency, this hub is responsible for:
Monitoring national cybersecurity threats.
Coordinating responses to critical cyber incidents.
Providing strategic guidance to government and critical infrastructure sectors.
Its role is similar to the strategic/defensive side of the UK’s NCSC, but it is less publicly visible and primarily government-focused.
CYBERSECURITY HUB – DEPARTMENT OF COMMUNICATIONS AND DIGITAL TECHNOLOGIES
Supports the Cybersecurity Framework for South Africa, including awareness campaigns and guidance for government and private sectors.
Works closely with private industry on cyber risk management, but does not have the operational “incident response” authority like the NCSC.
SOUTH AFRICAN POLICE SERVICE (SAPS) – CYBERCRIME UNIT
Investigates cybercrime incidents, including ransomware attacks.
Provides legal enforcement and victim support, similar to the UK’s National Crime Agency Cyber Unit, rather than the NCSC’s prevention/defence role.
PRIVATE SECTOR PARTNERSHIPS:
Several private organisations and security firms in South Africa (e.g., SSS, Internet Service Providers’ cybersecurity initiatives, and banks) provide guidance, threat intelligence, and incident response support.
Often collaborate with the government for critical infrastructure protection, like banks, transport, and healthcare.
STRENGTH IN UNITY:
This teamwork makes it harder for criminals to pick off unprepared targets one by one.
HOW TO PROTECT YOURSELF OR YOUR ORGANISATION:
PREPARE FOR THE WORST:
Assume an attack will happen eventually. Have a response plan and know who to call.
EDUCATE DECISION-MAKERS:
Leaders should understand ransomware as a criminal business, not just an IT problem.
This helps guide smarter decisions.
INVEST IN BACKUPS:
Keep secure, offline copies of important data.
Being able to restore your own systems is the best way to avoid paying ransoms.
WORK WITH AUTHORITIES:
Build relationships with national cybersecurity agencies.
Their support can be crucial during an attack.
ADOPT A “NO PAYMENT” POLICY:
Where possible, plan to recover without paying.
This strengthens security for everyone.
If your organisation has experienced a ransomware attack or you have any cybersecurity concerns,
contact Mr. Mike Bolhuis immediately for expert guidance and support.
Specialised Security Services invites the public to the Mike Bolhuis Daily Projects WhatsApp Channel.
This channel is important in delivering insights into the latest crime trends, awareness, warnings and the exposure of criminals.
How to Join the WhatsApp Channel:
1. Make sure you have the latest version of WhatsApp on your device.
2. Click on the link below to join the Mike Bolhuis Daily Projects WhatsApp Channel:
3. Follow the prompts to join the channel.
4. Make sure you click on "Follow", then click on the "bell"-icon (🔔)
CONTACT MR MIKE BOLHUIS FOR SAFETY AND SECURITY MEASURES, PROTECTION, OR AN INVESTIGATION IF NEEDED.
ALL INFORMATION RECEIVED WILL BE TREATED IN THE STRICTEST CONFIDENTIALITY AND EVERY IDENTITY WILL BE PROTECTED.
Regards,
Mike Bolhuis
Specialist Investigators into
Serious Violent, Serious Economic Crimes & Serious Cybercrimes
PSIRA Reg. 1590364/421949
Mobile: +27 82 447 6116
E-mail: mike@mikebolhuis.co.za
Fax: 086 585 4924
Follow us on Facebook to view our projects -
EXTREMELY IMPORTANT: All potential clients need to be aware that owing to the nature of our work as specialist investigators there are people who have been caught on the wrong side of the law - who are trying to discredit me - Mike Bolhuis and my organisation Specialised Security Services - to get themselves off the hook. This retaliation happens on social media and creates doubt about our integrity and ability. Doubt created on social media platforms is both unwarranted and untrue. We strongly recommend that you make up your minds concerning me and our organisation only after considering all the factual information - to the exclusion of hearsay and assumptions. Furthermore, you are welcome to address your concerns directly with me should you still be unsatisfied with your conclusions. While the internet provides a lot of valuable information, it is also a platform that distributes a lot of false information. The distribution of false information, fake news, slander and hate speech constitutes a crime that can be prosecuted by law. Your own research discretion and discernment are imperative when choosing what and what not to believe.
STANDARD RULES APPLY: Upon appointment, we require a formal mandate with detailed instructions. Please take note that should you not make use of our services – you may not under any circumstance use my name or the name of my organisation as a means to achieve whatever end.
POPI ACT 4 of 2013 South Africa: Mike Bolhuis' "Specialised Security Services" falls under Section 6 of the act. Read more here: https://mikebh.link/fntdpv
SSS TASK TEAM:
Copyright © 2015- PRESENT | Mike Bolhuis Specialised Security Services | All rights reserved.
Our mailing address is:
Mike Bolhuis Specialised Security Services
PO Box 15075 Lynn East
Pretoria, Gauteng 0039
South Africa
Add us to your address book
THIS PUBLIC DOCUMENT WAS INTENDED TO BE SHARED, PLEASE DO SO.
