24 March 2025 - South Africa is the most targeted country in Africa, when it comes to infostealer and ransomware attacks, according to global cybersecurity company ESET’s bi-annual Threat Report. Data and expert insight collected between June and November 2024, revealed that over 40% of ransomware attacks, and just under 35% of infostealer incidents on the continent occurred in South Africa. Across Africa, phishing remains the top threat, making up 34% of all detected attacks.
South African ranked number one in Africa, for ransomware and infostealer attacks in the second half of 2024 - ESET bi-annual Threat Report.
“Being at the forefront of the continent’s digital transformation and having a relatively strong economy, puts South Africa in the crosshairs for sophisticated cyber-attacks. Cybercriminals know that businesses, government, and individuals store a significant amount of their information online, which means ample opportunity for attacks. Given the economic status of the country, they are also likely to be able to pay ransoms and meet demands,” says Chief Security Evangelist at ESET, Tony Anscombe.
In June 2024, South Africa’s National Health Laboratory Service (NHLS) reported that it was hit with a ransomware attack, which disrupted its systems, deleted backups, and stole 1.2-terabytes of data – in the middle of dealing an mpox outbreak. The breach also put sensitive medical data of millions of patients at risk. More recently, in January 2025, the South African Weather Service disclosed that its ICT-base systems were disrupted by an attack led by ransomware-as-a-service group RansomHub – who have racked up hundreds of victims, since they were first detected at the start of 2024.
“Ransomware, infostealers, and phishing are not new threats – but they are always evolving, which means that our defences need to adapt to keep us protected. Ransomware, for example, used to cast a wide net to see how many victims they could catch, but the new trend is that cyber criminals are being more specific about who they are targeting, based on who has the power to pay, or is likely to have cyber insurance – including government, financial institutions, insurance companies, and medical digital infrastructure,” says Anscombe.
Global data – emerging trends
Company-branded and deepfake content that targets social media users with fraudulent investment schemes increased by 335% - ESET bi-annual Threat Report.
The ESET Threat Report also highlighted worldwide trends, including a rise in so-called cryptostealers across multiple platforms; “With cryptocurrencies reaching record values in the second half of 2024, cryptocurrency wallet data and credentials have become one of the prime targets of malicious actors. According to our data, the increase was the most dramatic on macOS, where password-stealing ware more than doubled compared to the first half of the year,” says Anscombe.
The rise in deepfake scams aligns with the growth of generative AI over the past year – a trend that ESET expects to continue into 2025. Cyber criminals leverage the AI-generated content to lure people into fraudulent investment schemes, buy specific cryptocurrencies, or pull their money from banks, as a way to benefit their own investment strategies.
The ESET Threat Report is released twice a year and includes data from across the globe – as well as expert insight on key trends. To access the full report, click here.