Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific

Ransomware-as-a-Service Spawns Wave of Cyberattacks in Middle East & Africa

Experts advise organizations in the region to refuse to pay ransom demands.

4 Min Read
A laptop screen showing ransomware infection and a discouraged user with his head in his hand.
Source: Audrey Popov via Shutterstock

Ransomware-as-a-service (RaaS) affiliates are fueling a huge surge in ransomware attacks in the Middle East and Africa (MEA).

In the MEA region, information stolen from 205 companies appeared on ransomware data leak sites — a 68% increase from the previous year's 122 victim companies, according to a new report from Group-IB.

Group-IB's latest Hi-Tech Crime Trends study shows financial services were the primary target, accounting for 13% of victims, followed by real estate and manufacturing sectors, making up 9% of attacks.

The top targeted locations in the MEA region last year were Israel (14 attacks), Turkey (12) and the gulf region (8).

Evil Twin Threat

Ransomware developers commonly either sell or lease their wares to affiliates who then plant the malware in targeted organizations, either by exploiting software vulnerabilities or through phishing attacks. This so-called ransomware-as-a-service business model brings a large pool of less skilled cybercriminals into play, increasing the overall threat.

The ransom demands to victims are often accompanied by a secondary scam of threatening victims with the public release of their confidential files, something that often poses a severe reputational risk.

Organizations in the Middle East and Africa with less mature security controls and expertise are particularly vulnerable to the operational and reputational risks posed by ransomware.

"The maturity of security practices and standards in Middle Eastern and African countries does vary, which means there are targets that can be easily breached," says Christiaan Beek, senior director threat analytics at Rapid7.

Beek says the cultures of some nations, including Qatar, UAE, Saudi Arabia, South Africa, and Turkey, are especially sensitive to a public shaming by ransomware actors. "Hence, a company, particularly based in the Middle East being listed on a ransomware leak site, is a big 'no,'" he notes. "This can be a significant factor in victims deciding to pay ransom demands, with businesses looking to avoid being publicly shamed and called out by ransomware actors."

State-sponsored ransomware threats also pose a big threat to the region, notes James Pickard, head of security testing at IT-Governance. "With the additional geopolitical conflicts exacerbating these vulnerabilities, organizations may become targets for disruption or data access by state-sponsored actors or cybercriminal groups taking advantage of the situation," Pickard says.

Cybersecurity also can be less of a priority for some nations in the region. Anna Collard, senior vice president of content strategy & evangelist at KnowBe4, says wider economic challenges in Africa may explain less focus on cybersecurity, which they may perceive as non-business-critical task.

"One of the biggest challenges we are faced with in this region is the lack of priority by governments, a relatively low level of general cyber awareness as well as a lack of IT and cybersecurity skills," Collard explains. "2023 has been a difficult year for Subsaharan Africa's economy, with growth slowing to 3.3% from 4% in 2022."

Group-IB's ransomware findings are consistent with recent reports blaming ransomware-as-a-service for an increased threat to businesses in Nigeria, for example.

Don't Pay the Ransom

Group-IB found that ransomware attacks worldwide are growing — up in Europe by 52%, APAC (39%) and most markedly, doubling in North America (up 109%).

Ransomware is a global problem that requires constant innovation from cyber professionals, according to Guy Golan, CEO, Performanta.

"Africa must be aware of the cyber threats it faces. Government and businesses need to put robust processes in place designed to protect sensitive data and inform businesses on how to correctly respond to a ransomware attack," Golan says. "As technology access grows across the continent, businesses must ensure any transformation away from vulnerable legacy systems is done so with best practices in mind, reducing the risk of data loss or malicious access."

The number of companies in the MEA region going through digital transformation projects is creating "greater opportunities for cybercriminals to find exploits and launch ransomware attacks," according to Group-IB.

"Given that ransomware groups are financially motivated cybercriminals, the region's most developed economies (such as Turkey, the GCC, South Africa, Israel) make up the most targeted locales," according to Ivan Pisarev, head of threat intelligence at Group-IB.

Pisarev advises that victims do not pay ransomware attackers in order to break the cycle of their economic gains. In addition, "proactive investments in preventive measures and robust cybersecurity strategies are vital" for organizations to protect their assets from ransomware threats, according to Pisarev.

"We also recommend that MEA-based governments and organizations work together with leading cybersecurity vendors to strengthen overall benchmarks, as public-private sector collaboration, as well as joining efforts with law enforcement agencies that operate in the region, such as AFRIPOL, are crucial in this fight," he says.

About the Author

John Leyden, Contributing Writer

John Leyden is an experienced cybersecurity writer, having previously written for the Register and Daily Swig.

Image source: Dorota Szymczyk via Alamy Stock Photo

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights