South Africa emerges as cybercrime hotspot

New report reveals SA is the top target in Africa for ransomware and infostealer attacks, as cybercriminals shift towards high-value victims.

Tony Anscombe, Chief Security Evangelist at ESET. Portal ERP South Africa. 

South Africa has become the most targeted country in Africa for ransomware and infostealer attacks, according to global cybersecurity firm ESET’s latest Threat Report.

Data collected between June and November 2024 shows that over 40% of ransomware attacks and nearly 35% of infostealer incidents on the continent were directed at South African victims. Meanwhile, phishing remains the most common cyber threat across Africa, accounting for 34% of detected attacks.

Why South Africa? A prime target for cybercrime

Experts attribute South Africa’s vulnerability to its advanced digital economy and high online data presence across businesses, government, and individuals.

"Being at the forefront of digital transformation and having a relatively strong economy puts South Africa in the crosshairs of sophisticated cyber-attacks," says Tony Anscombe, Chief Security Evangelist at ESET. "Cybercriminals target entities that store vast amounts of sensitive data and, crucially, have the means to pay ransoms or hold cyber insurance."

High-profile cyber attacks in South Africa

Recent incidents underscore the growing threat. In June 2024, the National Health Laboratory Service (NHLS) suffered a ransomware attack that disrupted operations, erased backups, and stole 1.2 terabytes of data—all while the country was responding to an mpox outbreak. The attack exposed millions of patients’ medical records to potential leaks.

More recently, in January 2025, the South African Weather Service was targeted by RansomHub, a ransomware-as-a-service group that has compromised hundreds of victims worldwide since early 2024. The attack crippled critical ICT-based systems, highlighting the increasing sophistication and reach of cybercriminal networks.

The evolution of ransomware and emerging threats

While ransomware, infostealers, and phishing are well-known threats, their tactics are evolving. "Attackers are no longer just casting a wide net; they are now strategically targeting victims with financial power or cyber insurance, including government entities, financial institutions, insurance firms, and medical infrastructure," explains Anscombe.

Global cybercrime trends: deepfake scams and crypto theft

The ESET Threat Report also highlights broader global trends, including the surge in deepfake scams and cryptocurrency theft.

• Deepfake-driven scams increased by 335%, as cybercriminals exploit generative AI to push fraudulent investment schemes.
• The rise in cryptocurrency value in late 2024 led to a spike in crypto wallet theft, particularly on macOS, where password-stealing malware more than doubled.

Cybercriminals are using AI-generated content to manipulate social media users, encouraging them to invest in fake schemes, purchase specific cryptocurrencies, or withdraw funds from banks to benefit attackers’ financial strategies.

As cyber threats grow in scale and complexity, experts stress the importance of proactive defense strategies. With South Africa increasingly in the crosshairs, businesses, government agencies, and individuals must adopt stronger cybersecurity measures, conduct regular system audits, and educate users on emerging threats.

The ESET Threat Report, released biannually, provides data-driven insights into global cybercrime patterns and serves as a critical resource for identifying and mitigating digital risks.