How valuable is your data? In 2024, a Fortune 50 company paid $75 million to ransomware attackers – the highest confirmed ransom payout in history.

Ransomware has emerged as one of the most devastating cyber threats, wreaking havoc on businesses, governments and essential services worldwide. Ransomware attacks, once indiscriminate and opportunistic, have evolved into sophisticated, targeted campaigns. The advent of ransomware-as-a-service (RaaS) has lowered barriers to entry for attackers, enabling even novice cybercriminals to access pre-built ransomware kits and technical support.

This dark web ecosystem operates much like legitimate software-as-a-service (SaaS) platforms like Gmail and Zoom, except its focus is on digital extortion rather than productivity. In South Africa, the Sophos State of Ransomware 2024 report revealed that the average ransom payment reached R17.9 million, while recovery costs, excluding ransom payments, averaged R19.44 million. Beyond financial costs, attacks like the breach of the National Health Laboratory Service in June 2024, where 1.2 terabytes of sensitive data were stolen, highlight the societal implications: disrupted healthcare services, loss of public trust and potential harm to individuals whose data is compromised. This is one of many ransomware attacks targeting South African organisations.

Addressing this complex problem requires adopting artificial intelligence to create better detection mechanisms. Avinash Singh, a lecturer in the Department of Computer Science at the University of Pretoria (UP), is helping to find the solution.

“Artificial intelligence requires datasets that are often not available, resulting in researchers having to do exhaustive experimentation just to get the necessary data to perform detection tasks,” he explains.

To solve this lack of data, he designed a tool called MalFE to advance malware research by facilitating the collection and analysis of ransomware samples.

“MalFE enables researchers to create machine-learning datasets more efficiently, compare malware reports and share findings in an open, collaborative environment. By combining technical innovation with an ethos of transparency and accessibility, the platform embodies the collaborative spirit of this research.”

The significance of this work extends beyond individual organisations to the broader societal and economic landscape. Cyberattacks on critical infrastructure threaten public services and economic stability, with ripple effects that disrupt entire communities. By developing innovative tools like MalFE and promoting comprehensive defence strategies, this research not only addresses the immediate challenge of ransomware but also strengthens the resilience of vital systems.

Globally, ransomware is a multi-billion-dollar problem, with attacks causing widespread damage and highlighting systemic vulnerabilities. The research helps safeguard critical infrastructure and promotes secure digital practices, thereby contributing to creating stable and sustainable societies.

“Unlike conventional cybersecurity projects that often operate in silos, this work emphasises the importance of shared knowledge and accessibility,” Singh says. “MalFE, for example, allows researchers across the globe to contribute and benefit from its resources, fostering an ecosystem of collective action against ransomware. Moreover, the research provides a comprehensive perspective on the ransomware challenge as it focuses on the intersection of technical and societal dimensions.”

By addressing both the technical mechanisms of cyberattacks and their broader implications, the research bridges gaps between disciplines and offers actionable insights for policymakers, industry leaders and academics.