Ransomware threats: How AI can help combat cybercrime
Image: File
Ransomware has emerged as one of the most devastating cyber threats, wreaking havoc on businesses, governments, and essential services worldwide, and addressing this complex problem requires adopting artificial intelligence to create better detection mechanisms.
This is according to Avinash Singh, a lecturer in the Department of Computer Science at the University of Pretoria (UP), who is helping to find the solution.
In 2024, a Fortune 50 company paid $75 million to ransomware attackers – the highest confirmed ransom payout in history. Ransomware attacks, once indiscriminate and opportunistic, have evolved into sophisticated, targeted campaigns.
The advent of ransomware-as-a-service (RaaS) has lowered barriers to entry for attackers, enabling even novice cybercriminals to access pre-built ransomware kits and technical support.
Singh explained that this dark web ecosystem operates much like legitimate software-as-a-service (SaaS) platforms like Gmail and Zoom, except its focus is on digital extortion rather than productivity.
In South Africa, the Sophos State of Ransomware 2024 report revealed that the average ransom payment reached R17.9 million, with recovery costs, excluding ransom payments, averaging R19.44 million.
Beyond financial costs, attacks like the breach of the National Health Laboratory Service in June 2024, where 1.2 terabytes of sensitive data were stolen, highlight the societal implications, disrupted healthcare services, loss of public trust, and potential harm to individuals whose data is compromised.
This is one of many ransomware attacks targeting South African organisations.
Addressing this complex problem requires adopting artificial intelligence to create better detection mechanisms.
'Artificial intelligence requires datasets that are often not available, resulting in researchers having to do exhaustive experimentation just to get the necessary data to perform detection tasks,' Singh explains.
To solve this lack of data, he designed a tool called MalFE to advance malware research by facilitating the collection and analysis of ransomware samples.
'MalFE enables researchers to create machine-learning datasets more efficiently, compare malware reports, and share findings in an open, collaborative environment. By combining technical innovation with an ethos of transparency and accessibility, the platform embodies the collaborative spirit of this research.'
Singh explained that the significance of this work extends beyond individual organisations to the broader societal and economic landscape.
'Cyberattacks on critical infrastructure threaten public services and economic stability, with ripple effects that disrupt entire communities.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Daily Maverick
4 days ago
- Daily Maverick
Transnet extraction — where and how Gupta bribes were paid to Big Four accused
Former Transnet CEO Brian Molefe, CFO Anoj Singh, head of freight rail Siyabonga Gama and chief engineer Thamsanqa Jiyane face charges related to enrichment through corruption. The charge sheet in the largest quantum State Capture case, enrolled by the Independent Directorate Against Corruption (Idac), details a map of where bribes were paid to the four former Transnet executives now facing a quartet of charges related to their role in repurposing the rail utility for extraction worth billions of rands. Former Transnet CEO Brian Molefe, CFO Anoj Singh, head of freight rail Siyabonga Gama and chief engineer Thamsanqa Jiyane face charges related to enrichment through corruption. The four, out on bail of R50,000 each, face charges under four laws, including the Prevention and Combating of Corrupt Activities Act. Idac alleges that the Gupta brothers, Atul, Rajesh and Ajay, paid the four in cash through deliveries, foreign trips and transactions via Gupta-linked entities and companies. While much of the detail was ventilated in proceedings at the Zondo Commission of Inquiry into State Capture, the charges add new legal heft. The State alleges that cash payments were made at: The Guptas' residence in Saxonwold; The Midrand offices of the family's IT company, Sahara; Salim Essa's Melrose Arch apartment and; The Maslow hotel in Sandton. In addition, Atul Gupta transferred funds from several Gupta-controlled companies, which facilitated the bribes, including Oakbay Investments, Westdawn Investments, VR Laser Services, Confident Concept, Tegeta Exploration and Islandsite Investments. Money flow experts, including Paul Holden of Open Secrets, testified to the commission about how the Guptas utilised layers of companies to launder money and facilitate transfer fees. Singh was enriched to the extent that, the commission heard, he did not spend his Transnet salary, but banked it for years. He was allegedly paid at Saxonwold and took many Gupta-sponsored trips to Dubai, to where the brothers and their families had fled. Molefe allegedly received cash at the Gupta residence and at Sahara Computers, where he would pop in for the family's office lunches. Gama was reportedly paid at the Guptas' Saxonwold residence and family acolyte Salim Essa's Melrose Arch apartment, while Jiyane was allegedly paid at The Maslow hotel. Investigators for the State Capture Commission triangulated travel times. They had witnesses who corroborated many of the payments, and this evidence will be used by Idac when the trial begins. The next court date is 6 October. Money trail The charge sheets detail the following bribe money trail against Singh, Molefe, Gama and Jiyane: Singh 'Between January 2014 and April 2015, Mr Singh had attended meetings at the Gupta Saxonwold residence on at least 10 occasions. [He] would generally take a sports bag with him when he attended the meetings. He would emerge from the residence carrying the sports bag, which would be placed in the boot of the vehicle driven by his Close Protection Officer (CPO). It was later discovered that the sports bags contained large amounts of cash. 'On at least six or seven occasions he would instruct his driver to take him to Knox Vaults, a secure storage facility in Killarney, Johannesburg that provided safe deposit boxes. He would thereafter remove the bag from the boot of the vehicle and enter Knox Vaults carrying the bag.' The charge sheet also details all of Singh's sponsored trips to Dubai. Molefe '[Molefe] would generally take a light brown backpack or sports bag with him when he attended meetings held at these venues. After the said meetings he would emerge carrying the aforementioned bags, which were placed inside the boot of the vehicle driven by his CPO. These CPOs later discovered that the bags contained large amounts of cash.' Gama The charge sheet says that Gama attended many meetings at Saxonwold. 'During November 2016, on one of the visits at the Gupta Saxonwold residence, a person emerged carrying a suitcase, which was placed into the boot of the vehicle, which was driven by his CPO. These CPOs later discovered that the suitcase contained a large amount of cash when Gama left the premises. The charge sheet also details how Gama twice picked up 'parcels' from Essa at Melrose Arch, while Jiyane allegedly took possession of the suitcase, which Gama is alleged to have collected at Saxonwold, at The Maslow hotel, where the two met. The State will argue that all four received unlawful gratification and committed fraud at Transnet, thereby violating the Companies Act and the Public Finance Management Act. The chart below shows Idac's progress on State Capture cases identified by the Zondo Commission. The National Prosecuting Authority's Asset Forfeiture Unit, under the leadership of Ouma Rabaji-Rasethaba, has recovered R15-billion in State Capture loot, some of which has been returned to Transnet. DM
Daily Maverick
29-06-2025
- Daily Maverick
Why South Africa's EV ambitions are still stuck in low gear
Naamsa is rolling out a nationwide electric vehicle network but South Africa's road to electric vehicle adoption is still filled with red lights. Electric car sales topped 17 million worldwide in 2024, rising by more than 25% according to the International Energy Agency, but South Africa remains a slow starter in terms of this global trend. The National Association of Automobile Manufacturers of South Africa (Naamsa) thinks it's time to stop stalling. It's now laying the groundwork for a national network of EV charging stations, starting with 120 publicly accessible EV chargers along major transport routes. Forecourts on the frontline By geography and legacy alone, forecourts are perfectly positioned to capitalise on an EV transition, said Shivani Singh, chief projects officer at Naamsa. They've got the traffic, the location, the permits and the land. Yet South Africa has fewer than 400 publicly accessible EV charging stations. Compare that to the 4,800 licensed petrol stations across the country, and the gap between what's happening and what's possible makes itself clear. So, what's holding them back? 'There's a lot of things that face our retailers at the moment,' said Timothy Oliver, fuel specialist at Connect Group South Africa. Among the challenges are limited capital for the diversification of profit centres and limitations imposed by location and oil companies. The days of surviving on a single filling station are numbered, which complicates management. 'We are seeing that the average retailer won't just sit with one site, they'll probably own between five and 10 sites,' Oliver said. Naamsa plugs in This is where Naamsa's latest rollout could change things. The automotive industry body has begun work on a national network of 120 EV charging points, strategically positioned along key routes in the country, Singh said. The rollout will include both ACDC fast chargers, publicly accessible and available for use. It signals a commitment to usable public infrastructure for EVs to replace the broken plugs and barely functional charging stations currently scattered along South Africa's roads. Traditional hybrid EVs achieved the highest sales in 2023. Plug-in hybrid EV sales continued to grow and battery EV sales experienced rapid growth in 2023. (Source: Green Cape, Graph: Kara le Roux) The EV economy South Africa has the mineral wealth required for the EV supply chain but lacks the infrastructure to process or capitalise on it, according to Singh. 'Our EV market is in extremely early stages,' she said. 'We're starting to see the use of electric two-wheelers and three-wheelers for delivery purposes in the rest of Africa, but there's no EV passenger car assembly happening.' Essential for the manufacturing of EV batteries are cobalt, manganese and lithium. Africa holds more than half of the world's reserve for these minerals, said Yael Shafrir, associate director at Webber Wentzel. 'South Africa's Section 12V tax incentive, signed into law in December 2024, offers a 150% deduction for local manufacturers of EV parts, effective 1 March 2026. It's a signal: industrial policy and trade are finally talking to each other.' Leiandra da Silva, an economist at Nedbank, said South Africa's imports are growing at a faster rate than our exports at the moment, and growth in our key trade partners is not looking great either. Most EV charging hardware is imported from China, Singh said, making spare parts unavailable and repairs difficult. Naamsa's charging infrastructure rollout presents an opportunity for localisation. As a part of this project, the association is trying to partner existing charging service providers with local businesses. 'Together they can install the infrastructure, maintain it, but also start to produce components that go into it,' Singh said. It's a pragmatic move that aligns with the Department of Trade, Industry and Competition's automotive master plan and also offers an entry point for South African businesses to participate in the EV economy. How does this affect you? If all goes to plan, small businesses might get a piece of the EV pie through infrastructure and parts manufacturing. Fleet vehicles on fixed routes are best placed to make the EV switch early. Naamsa's rollout promises fewer broken plugs and more reliable charging infrastructure. Your local petrol station might get some charging hubs soon – if the owner can afford the upgrade. Who can afford the future? For all the infrastructure plans and policy ambitions, the fact remains that most South Africans can't afford an EV. 'These fully battery electric vehicles are still sitting at over R900,000 per unit,' Singh said. 'Our chief economist tells us that for quarter one 2025, 74% of new cars that were sold were under R500,000 in value. So South Africans have an affordability challenge.' Another common concern among potential EV buyers is the fear of getting stranded, even though most EVs offer a range of more than 200km a day, Singh said. More pressing is the resale value. With so few EVs changing hands locally, buyers don't know what their cars will be worth in five years, she added. Where wheels keep turning If motorists aren't totally onboard, Singh said there's an opportunity for the logistics and transport sector to carry the torch. 'We think the bus and truck segment is very well suited to making this transition to battery electric vehicles, primarily because they run fixed routes and these vehicles live in a depot a lot of their life,' Singh said. Most depots already have backup power and fleet operators benefit from industrial electricity tariffs, she added. DM
IOL News
26-06-2025
- IOL News
Ransomware threats: How AI can help combat cybercrime
The University of Pretoria is researching cyber threats. Image: File Ransomware has emerged as one of the most devastating cyber threats, wreaking havoc on businesses, governments, and essential services worldwide, and addressing this complex problem requires adopting artificial intelligence to create better detection mechanisms. This is according to Avinash Singh, a lecturer in the Department of Computer Science at the University of Pretoria (UP), who is helping to find the solution. In 2024, a Fortune 50 company paid $75 million to ransomware attackers – the highest confirmed ransom payout in history. Ransomware attacks, once indiscriminate and opportunistic, have evolved into sophisticated, targeted campaigns. The advent of ransomware-as-a-service (RaaS) has lowered barriers to entry for attackers, enabling even novice cybercriminals to access pre-built ransomware kits and technical support. Singh explained that this dark web ecosystem operates much like legitimate software-as-a-service (SaaS) platforms like Gmail and Zoom, except its focus is on digital extortion rather than productivity. In South Africa, the Sophos State of Ransomware 2024 report revealed that the average ransom payment reached R17.9 million, with recovery costs, excluding ransom payments, averaging R19.44 million. Beyond financial costs, attacks like the breach of the National Health Laboratory Service in June 2024, where 1.2 terabytes of sensitive data were stolen, highlight the societal implications, disrupted healthcare services, loss of public trust, and potential harm to individuals whose data is compromised. This is one of many ransomware attacks targeting South African organisations. Addressing this complex problem requires adopting artificial intelligence to create better detection mechanisms. 'Artificial intelligence requires datasets that are often not available, resulting in researchers having to do exhaustive experimentation just to get the necessary data to perform detection tasks,' Singh explains. To solve this lack of data, he designed a tool called MalFE to advance malware research by facilitating the collection and analysis of ransomware samples. 'MalFE enables researchers to create machine-learning datasets more efficiently, compare malware reports, and share findings in an open, collaborative environment. By combining technical innovation with an ethos of transparency and accessibility, the platform embodies the collaborative spirit of this research.' Singh explained that the significance of this work extends beyond individual organisations to the broader societal and economic landscape. 'Cyberattacks on critical infrastructure threaten public services and economic stability, with ripple effects that disrupt entire communities.'
