Ransomware shutters weather service in SA

also ft Sudan's - and Africa's - internet resilience problem

Olatunji Olaigbe

Noah Aderoju

, and

Olatunji Alameen

Feb 01, 2025

CybAfriqué is a space for news and analysis on cyber, data, and information security on the African continent.

Why did the hacker go to the beach? He went phishing.

Okay. At CybAfrique, we’re always looking to improve how we share insights on cyber and information security in Africa—starting with our newsletter. Please take this two-minute survey to share your thoughts and help us serve you better. We’d also love to chat with some of our readers—leave your email in the survey if you're open to it.

Enjoy the issue!

— Olatunji

HIGHLIGHTS

Ransomware shutters South Africa weather website

For the past week, the South Africa Weather Service (SAWS) has been down due to a cyber attack, crippling weather forecasts and intelligence from the government-run organization — which is critical to operations of aviation, marine, and agriculture sectors and the everyday life of people in the country and its neighbors, Mozambique and Zambia.

Airlines and marine operations would have been stranded of crucial weather information if, spoiler alert, there had been a ban on social media in South Africa like there currently is in South Sudan. SAWS has resorted to using social media to share important weather updates since Sunday.

According to the CEO, Ishaam Adaber, SAWS ICT systems went down on Sunday at the second attack of the ransomware group who later identified themselves as the “RansomHub” in a generic ransomware note sent on the dark web. SAWS security systems blocked the first attempt of the attack on Saturday but couldn't withstand the second, more sophisticated attack on the second day when it finally succumbed. Till Adaber’s interview with the eNCA on Thursday morning, the attackers haven't made any request since their message on the dark web. The organization still doesn't know when its website will be back up as it continues to use social media to share weather forecasts while building back its systems from backups and scratch elements.

RansomHub, the attacker identified by Adaber, is a prolific ransomware group that operates a ransomware-as-a-service (RaaS) operation. It gained popularity in February 2024 after the LockBit3 gang’s decline. By June it had already become a prominent ransomware group responsible for many attacks with the signature tactic of breaching organizations, exfiltrating sensitive data, and then encrypting systems as was done to the SAWS.

ICYMI: Ransomware in Egypt, Kenya

Ransomware attacks have been a big blow for South Africa; the state-owned Development Bank of Southern Africa was hit by ransomware in 2023; in September 2023, the country’s defense department was also attacked by Ransomware group and sensitive data including the President’s number and email was released alongside 1.6 terabytes of other sensitive data. In June last year, the SA National Health Laboratory Service (NHLS) was hit by a ransomware attack that shuttered some 265 testing laboratories for several days, all as the country was fighting a nasty outbreak of monkeypox. SA’s International Trade Administration Commission also reported a ransomware attack in January 2024.

Both Telecom Namibia and Nigeria's National Bureau of Statistics(NBS) breach reported breaches in December 2024.

Nigeria, Kenya, and South Africa are amongst African countries topping cyberattack charts as their rapid digitization leaves behind cybersecurity.

A stalemate in Nigeria vs Meta’s WhatsApp

The ongoing case of a $220 million fine on WhatsApp and its parent company, Meta, by Nigeria’s Federal Competition and Consumer Protection Commission (FCCPC) which Meta is appealing at the Competition and Consumer Protection Tribunal (CCPT) has so far ended in a stalemate.

The tribunal chose to adjourn the ruling on the case to a date yet to be communicated after hearing from both sides.

ICYMI: WhatsApp privacy bias with Nigeria

It all started when FCCPC slammed a fine of $220 million on Whatsapp for violating the FCCPC Act and Nigerian data protection laws by enforcing exploitative and non-compliant privacy practices, including excessive data collection that could lead to device fingerprinting. Basically, WhatsApp was collecting data of subscribers that can be used to identify them for commercial purposes without their consent or even an opt-out option.

According to the FCCPC, the accusation was concluded after three years of investigating Meta’s conduct and operations between May 2021 and December 2023 by the FCCPC and the Nigeria Data Protection Commission (NDPC).

Meta, disagreeing with the accusations, chose to appeal the fine in July last year, citing several reasons like the impracticable conditions, vague directives, and unreasonable amount of fine. Meta also argues that FCCPC does not have the right to fine it as data protection is not within its jurisdiction.

The ongoing case shows the current struggles of developing nations to ensure accountable and equitable adherence of big tech platforms to data protection guidelines as they would in more developed nations. The struggle is even more common in countries without an independent Data Protection Authority to enforce national data laws. According to Data Protection Africa, of the 36 African countries with data protection regulations, only 16 of them have meaningfully independent DPAs, and 24 with some level of financial independence where their source of funding is either assured in budget or legislated.

Even with many African countries creating national data protection laws in line with global practices and adopting regional and global conventions, big tech platforms still flout them. Meta, in particular, is a popular culprit. It is currently appealing a $831 fine by the European Union imposed for allegedly wielding its trove of user data to boost its own Facebook Marketplace service. Meta has been accused of discriminatory privacy practices in India where users are not given the choice to opt out of WhatsApp data sharing with Facebook.

Sudan, South Sudan, and internet resilience in Africa

The South Sudanese government shut down social media platforms after videos and reports showing violent attacks on South Sudanese nationals in Sudan sparked retaliatory attacks on Sudanese refugees in South Sudan.

The secular stated that the measure, grounded in the National Communication Act of 2012, is essential to protect public safety and mental health, particularly among vulnerable groups such as women and children, especially after a six to six curfew had failed to reduce conflict.

ICYMI: Cyber in Sudan

All of this is happening as the latest Internet Society Resilience Index scores Africa a meager 34%, which although a 1% increase from last year, is still the lowest of all continents. Sudan, which was the lowest, scored 26%.

Contrasting to the growth in the Internet Resilience Index, the latest Internet Poverty Index released in December 2024, while showing a global trend in Internet affordability, conversely recorded an increase in Internet poverty in Africa. Internet Poverty in the region increased from 523 million in 2023 to 545 million in 2024.

The conflict in Sudan and South Sudan has happened in context with internet shutdowns and is arguably the worst in Africa. In August 2021, South Sudan experienced an internet blackout that the government described as a technical hitch. It lasted for 15 hours, leaving users unable to access Facebook, WhatsApp, Twitter, and other online platforms. In Sudan, a nationwide telecommunication shutdown in February left almost 30 million Sudanese without access to the internet or telephone calls for more than a month.

In 2024, Sudan made up $1.2 billion of the $1.5 billion lost to internet and social media shutdowns in Africa.

Do you find value in the CybAfriqué newsletter? Share to support the work we do.

The “Nigeria Cyber Threat Forecast 2025,” published by the Cyber Security Experts Association of Nigeria (CSEAN) has singled out Digital asset scams and attacks powered by artificial intelligence (AI) as the two most potent threats in Nigerian cyberspace this year. The Cyber threats experts believe these two will pose the biggest threat this year. Especially with Nigeria is home to Africa’s biggest digital asset market, boasting of an estimated 10% of the population, equating to 22 million Nigerians, owning digital assets. Noting instances from 2024 where the report warns that sophisticated tactics will exploit trust and manipulate public opinion, posing severe risks to individuals and businesses.
This WIRED report details how internet fraudsters “Yahoo Boy” are impersonating CNN and other news organizations to create videos that pressure victims into making blackmail payments.
Mobile money fraudsters are advancing strategies that utilize the trust and reliance of patrons on mobile money agents. This report explored how mobile money fraud is becoming a norm in Ghana with fraudsters exploiting trust and private information in orchestrated creative scamming strategies.