Kenyan Companies Are Paying Millions After Hackers Lock Their Systems and Demand Ransom for the Data

Across Kenya, more companies are discovering that a single locked system can bring the entire workday to a halt while the ransom demand keeps climbing.


For a growing number of companies, the working day begins with a familiar ritual. Systems boot up, dashboards load, emails trickle in. Then one morning the screens look different. Files refuse to open. Access disappears. A note appears instead.

Pay.

Across Kenya, ransomware has become one of the most expensive hazards attached to doing business online. Industry estimates suggest small and medium enterprises now lose between Sh2 million and Sh15 million per incident. Larger Kenyan corporates face demands between Sh20 million and Sh50 million. For multinationals operating locally, the figure can climb toward Sh100 million.

Those numbers are no longer rare outliers. They are part of a pattern forming around the country’s digital economy.

Behind the headline figures sits a deeper story about how businesses digitised faster than their security habits evolved, and how cybercriminals learned to exploit that gap with increasing precision.


A Digital Economy Meets an Old Criminal Instinct

Kenya’s reputation as one of Africa’s most digitally active economies has long been a point of pride. Mobile money, cloud software, and online marketplaces now sit at the centre of everyday commerce. Payroll systems, procurement tools, customer databases, and financial records increasingly live on interconnected platforms.

That convenience carries a hidden fragility.

Industry tracking shows 4.56 billion attempted cyber breaches targeting companies in Kenya during the last quarter of 2025. That represents a 441 percent increase compared with the preceding quarter.

The scale alone hints at a change in tempo. Cybercrime used to be sporadic for many firms. Now it resembles background noise, constant and probing.

According to William Makatiani, founder and chief executive of Serianu Limited, ransomware remains one of the threats that most often keeps corporate technology teams awake at night.

A typical incident begins in mundane fashion. An employee clicks an email attachment that looks legitimate. Or a compromised password opens a back door. Once inside the network, attackers move laterally, mapping the system before activating encryption software that locks files and demands payment.

By the time staff notice something is wrong, the system is already under someone else’s control.

When Paying Unlocks Only One Door

Ransomware used to be relatively crude. Attackers locked an entire system and demanded a single payment.

That approach has evolved.

Recent incidents in Kenya show attackers encrypting different parts of a company’s digital infrastructure with separate keys. Finance records may be locked under one code. Customer databases under another. Internal communications under a third.

The logic is simple. If a company pays to unlock one section of its system, it may discover another locked door waiting behind it.

Negotiations can drag on for days.

The financial hit extends beyond the ransom itself. Businesses lose operational time while systems remain frozen. Sales halt. Customer service stops functioning. Logistics networks stall. Some companies then spend additional millions rebuilding corrupted data or restoring servers from backups that may or may not work.

The cost multiplies long after the initial breach.

Insurance Exists, Yet Few Firms Use It

Cyber insurance exists precisely for this type of crisis. In Kenya, adoption remains thin.

Many companies still treat cyber incidents as a technical issue rather than a financial risk requiring structured protection. Security teams attempt to prevent attacks. Finance departments worry about insurance later, often after damage has already occurred.

That gap in thinking has become more visible as insurers begin offering policies tailored to digital threats.

During the unveiling of a cybersecurity insurance policy, Parul Khimasia, chief operating officer at APA Insurance, pointed to the contradiction facing modern businesses.

Nearly every corporate process now depends on digital infrastructure. Customer data, financial records, communication systems, and supply chains increasingly operate through networked software. When those systems fail or become compromised, the business effectively stops.

Insurance, in theory, should cushion that risk. In practice, many companies still treat cybersecurity spending as discretionary.

The result is a strange imbalance. Firms invest heavily in technology that drives revenue while spending comparatively little on protecting the systems themselves.

A Boardroom Problem Disguised as an IT Issue

Cyber risk once sat comfortably inside the IT department. That arrangement no longer reflects reality.

Ransom demands running into tens of millions of shillings cannot be authorised by technicians alone. They land in boardrooms.

According to Ashok Shah, chief executive of APA Apollo Group, cyber risk now belongs squarely in the strategic category for corporate leadership. Directors must decide whether to pay a ransom, negotiate with attackers, or absorb operational damage while rebuilding systems.

None of those choices are straightforward.

Paying a ransom may restore operations quickly, but it also funds criminal networks and offers no guarantee that stolen data will remain private. Refusing payment may protect principle yet prolong disruption.

Many companies discover that their crisis plans did not fully anticipate this dilemma.

Artificial Intelligence Enters the Criminal Toolkit

Another layer complicates the picture. Cybercrime is absorbing the same technological tools that legitimate industries use.

Artificial intelligence systems can now generate phishing emails that read convincingly human. They can mimic writing styles, create plausible business conversations, or produce messages that appear to come from trusted colleagues.

Impersonation attacks have grown more convincing as a result.

Ransomware software itself is also becoming more modular. Attack kits circulate on underground marketplaces, allowing criminals with limited technical expertise to launch sophisticated attacks. Some platforms even operate under a profit-sharing model where developers provide the software while affiliates carry out intrusions.

The barrier to entry keeps falling.

This dynamic partly explains the sudden increase in attempted breaches recorded across Kenya. The number reflects automation as much as criminal intent.

Trust Becomes the Hidden Casualty

The direct financial losses dominate headlines, but the less visible damage often unfolds later.

When customers learn that a company’s systems were compromised, confidence can erode quickly. Businesses that rely on digital transactions, subscription platforms, or online customer accounts may face difficult questions about how securely their data is stored.

Service interruptions create their own problems. An e-commerce platform offline for several days can lose both sales and credibility. A financial services firm locked out of its own database faces regulatory scrutiny alongside reputational harm.

Recovery therefore extends beyond restoring servers.

Companies must rebuild trust with customers, partners, and regulators who suddenly see vulnerabilities that had been invisible before the attack.

The Uneven Security Landscape

Large corporations often maintain dedicated cybersecurity teams, external consultants, and structured risk management frameworks.

Small and medium enterprises rarely have those resources.

Many SMEs rely on outsourced IT support or small internal teams juggling several roles at once. Security updates get postponed. Password management remains inconsistent. Backup systems may exist but are rarely tested under real pressure.

That uneven preparedness creates an attractive hunting ground for attackers.

Ironically, smaller companies sometimes store valuable information such as supplier records, payroll details, or financial data that can be exploited or sold. Criminal groups recognise that these firms are less likely to have sophisticated defences.

The result is a steady stream of smaller incidents that rarely become public yet collectively drain millions from the business sector.

Kenya’s Digital Growth Meets a Hard Question

Kenya’s digital economy continues to expand across banking, retail, logistics, and public services. That expansion depends on trust in connected systems.

Ransomware attacks now test that trust.

The surge in attempted breaches suggests that cybercrime has recognised Kenya as a lucrative environment. Businesses handle significant volumes of digital transactions while many still navigate the learning curve of cybersecurity investment.

For regulators, insurers, and corporate leaders, the challenge lies in deciding how seriously to treat the risk before the next wave of attacks lands.

For businesses already dealing with the aftermath of encrypted systems and ransom demands, the lesson has become painfully clear. Digital infrastructure may run the modern company, but it also exposes a new frontier of vulnerability that refuses to stay confined to the IT department.


By George Kamau
