South Africa
ZARansomware victim intelligence profile ยท Ranked #32 globally ยท Updated: May 24, 2026
Ransomware Threat Profile: South Africa
South Africa ranks #32 globally for ransomware attacks, with 73 confirmed victims in this database โ representing 0.4% of the worldwide total. The most active ransomware groups targeting South Africa include Lockbit3, Thegentlemen, Devman.
The most frequently targeted industries in South Africa are Public Sector, Business Services, Manufacturing. The healthcare sector is particularly vulnerable because attacks on hospitals and medical providers can create life-threatening situations, increasing pressure to pay ransoms quickly.
South Africa's attack volume reflects broader trends in ransomware targeting: the volume of attacks reflects the country's integration into the global economy and the proliferation of ransomware operations that target organisations of all sizes worldwide.
Organisations in South Africa should consider the active threat groups documented here when assessing their cybersecurity posture, implementing detection rules, and prioritising incident response planning.
Recent Victims in South Africa (20 cached of 73 total)
| # | Organization | Group | Sector | Date |
|---|---|---|---|---|
| 1 | Standard Bank Group | Prinzeugen | Financial Services | May 4, 2026 |
| 2 | cgcsa.co.za | Stormous | Business Services | May 3, 2026 |
| 3 | Sunspray Food | Thegentlemen | Agriculture and Food Production | Apr 19, 2026 |
| 4 | megasurf.co.za | Krybit | Consumer Services | Apr 9, 2026 |
| 5 | singita.com | Dragonforce | Hospitality and Tourism | Apr 2, 2026 |
| 6 | ETFSA | Incransom | Financial Services | Mar 26, 2026 |
| 7 | Semenya Furumele Consulting Engineers | Nightspire | Construction | Mar 22, 2026 |
| 8 | Elundini | Thegentlemen | Public Sector | Mar 21, 2026 |
| 9 | theunlimited.co.za | Dragonforce | Financial Services | Mar 20, 2026 |
| 10 | diesel-electric.co.za | Lockbit5 | Energy | Mar 1, 2026 |
| 11 | EnerTec | Vect | Manufacturing | Feb 24, 2026 |
| 12 | aircotedivoire.com | Incransom | Transportation/Logistics | Feb 19, 2026 |
| 13 | Intsika Yethu Municipality Government | Thegentlemen | Public Sector | Feb 15, 2026 |
| 14 | Witzenberg Municipality | Thegentlemen | Public Sector | Jan 20, 2026 |
| 15 | Rola Motor Group | Thegentlemen | Consumer Services | Jan 20, 2026 |
| 16 | Paltrack | Thegentlemen | Technology | Jan 20, 2026 |
| 17 | Hytec South Africa | Vect | Manufacturing | Jan 6, 2026 |
| 18 | National Credit Regulator (NCR) | Dragonforce | Financial Services | Dec 24, 2025 |
| 19 | elundini.gov.za | Lockbit5 | Public Sector | Dec 7, 2025 |
| 20 | Diesel Electric | Qilin | Manufacturing | Dec 6, 2025 |
Frequently Asked Questions
How many ransomware attacks have occurred in South Africa?
South Africa has recorded 73 ransomware victim disclosures in this database, ranking #32 globally. This represents 0.4% of all tracked ransomware attacks worldwide.
Which ransomware groups target South Africa?
The ransomware groups most active in South Africa are Lockbit3, Thegentlemen, Devman, Incransom. These groups collectively account for the majority of victim disclosures attributed to South Africa.
Which industries are most targeted by ransomware in South Africa?
In South Africa, the most frequently targeted sectors are Public Sector, Business Services, Manufacturing. These industries hold valuable data and often have critical operational requirements that make them attractive ransomware targets.
How does South Africa rank globally for ransomware attacks?
South Africa ranks #32 globally for ransomware attacks with 73 victim disclosures, representing 0.4% of the worldwide total of 18,042 tracked victims.
How can organisations in South Africa protect against ransomware?
Organisations in South Africa should implement a layered security approach including regular offline backups, network segmentation, multi-factor authentication, endpoint detection and response (EDR) tools, and employee security awareness training. Monitoring threat intelligence feeds for active groups targeting South Africa is also recommended.