Ransomware in Africa: 400 businesses attacked every day

What exactly is ransomware?

Ransomware is malicious software that encrypts all the files on your computer or company network, then demands a ransom — usually in cryptocurrency — to restore your access to your own data.

Imagine walking into the office on a Monday morning to find every client file, every invoice, every ongoing project completely inaccessible. That's exactly what hundreds of African businesses experience every week.

The numbers that should alarm you

400 businesses targeted per day

According to data from the Kaspersky Security Network, approximately 400 businesses based in West and Central Africa fall victim to a ransomware attack attempt every single day. This is not a theoretical risk — it is a daily reality.

A professionalized criminal industry

2026 marks the era of Ransomware-as-a-Service (RaaS): criminal platforms selling ready-to-deploy attack kits, complete with technical support and profit-sharing. You no longer need to be an expert hacker — anyone can launch an attack for a few hundred dollars.

Operation Serengeti 2.0

The good news: authorities are fighting back. Operation Serengeti 2.0, coordinated by INTERPOL between June and August 2025, resulted in the arrest of 1,209 cybercriminals, the identification of 88,000 victims, and the dismantling of 11,432 malicious infrastructures across Africa.

Why African SMEs are ideal targets

1. Near-zero security budgets

Most African SMEs have no dedicated budget for cybersecurity. No professional antivirus, no firewall, no backup policy. Cybercriminals know this.

2. Absent or untested backups

Many businesses believe they are protected because they have an external hard drive. But if that drive is permanently connected to the network, ransomware encrypts it too. An untested backup is not a backup.

3. Growing dependency on digital tools

With accelerating digitalization — Mobile Money, online invoicing, client management via WhatsApp — the attack surface of African SMEs is expanding faster than their security can keep up.

4. Insufficient awareness

A single employee opening an infected attachment is enough to compromise the entire network. Without regular training, every team member is a potential entry point.

The most targeted sectors in Africa

• Financial sector — banks, microfinance institutions, fintechs
• Manufacturing sector — factories, agri-food industry
• Public administration — local governments, ministries, hospitals
• Trade and distribution — online retailers, wholesalers
• Professional services — accounting firms, lawyers, agencies

Action plan: 7 measures to protect your SME

1. The 3-2-1 backup rule

This is the standard recommended by ANSSI and applicable anywhere:

• 3 copies of your data (the original + 2 backups)
• 2 different media (external drive + cloud)
• 1 offsite copy, disconnected from the network

Test your restoration process at least once per quarter.

2. Systematic updates

The majority of ransomware exploits known, already-patched vulnerabilities. Enable automatic updates on all your devices — Windows, macOS, Android, routers.

3. Multi-factor authentication (MFA)

Enable MFA on all your critical accounts: professional email, online banking, cloud tools. Even if a password is stolen, the attacker won't be able to log in without the second factor.

4. Network segmentation

If one device is infected, ransomware should not be able to reach all the others. Separate your networks: one for workstations, one for servers, one for guest Wi-Fi.

5. Team training

A half-day of hands-on training covering essential security reflexes — phishing recognition, password management, incident reporting — reduces the risk of human error by 60 to 80%.

6. Incident response plan

Before you are attacked, prepare your response:

• Who do you contact in the event of an incident?
• How do you isolate infected machines?
• Where are your backups and how do you restore them?
• Do you need to notify your clients?

7. Never pay the ransom

Paying does not guarantee recovery of your data. Paying funds the next attacks. Paying makes you a repeat target. Prevention costs infinitely less than a ransom.

What to do if you are attacked?

1. Immediately disconnect infected machines from the network
2. Do not pay the ransom
3. Document everything (screenshots, ransom messages, encrypted files)
4. Contact the authorities — in Sénégal, the Division Spéciale de Cybersécurité (DSC)
5. Restore from your backups after a full cleanup
6. Analyze how the attack occurred to prevent it from happening again

Conclusion: security is not a luxury

With 400 attack attempts per day in West and Central Africa alone, the question is no longer if your business will be targeted, but when. The basic measures — backups, updates, training — cost almost nothing and block the vast majority of attacks.

Is your business ready? At Rostel High-Tech, we offer security audits and cybersecurity training tailored to the African context. Request a free assessment.

Sources: Kaspersky Security Network 2025, INTERPOL Operation Serengeti 2.0, ANSSI — Cybersecurity Guide for SMEs, Africa Cybersecurity Magazine.