Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific
Ransomware-as-a-Service Spawns Wave of Cyberattacks in Middle East & Africa
Experts advise organizations in the region to refuse to pay ransom demands.
February 29, 2024
Ransomware-as-a-service (RaaS) affiliates are fueling a huge surge in ransomware attacks in the Middle East and Africa (MEA).
In the MEA region, information stolen from 205 companies appeared on ransomware data leak sites — a 68% increase from the previous year's 122 victim companies, according to a new report from Group-IB.
Group-IB's latest Hi-Tech Crime Trends study shows financial services were the primary target, accounting for 13% of victims, followed by real estate and manufacturing sectors, making up 9% of attacks.
The top targeted locations in the MEA region last year were Israel (14 attacks), Turkey (12) and the gulf region (8).
Evil Twin Threat
Ransomware developers commonly either sell or lease their wares to affiliates who then plant the malware in targeted organizations, either by exploiting software vulnerabilities or through phishing attacks. This so-called ransomware-as-a-service business model brings a large pool of less skilled cybercriminals into play, increasing the overall threat.
The ransom demands to victims are often accompanied by a secondary scam of threatening victims with the public release of their confidential files, something that often poses a severe reputational risk.
Organizations in the Middle East and Africa with less mature security controls and expertise are particularly vulnerable to the operational and reputational risks posed by ransomware.
"The maturity of security practices and standards in Middle Eastern and African countries does vary, which means there are targets that can be easily breached," says Christiaan Beek, senior director threat analytics at Rapid7.
Beek says the cultures of some nations, including Qatar, UAE, Saudi Arabia, South Africa, and Turkey, are especially sensitive to a public shaming by ransomware actors. "Hence, a company, particularly based in the Middle East being listed on a ransomware leak site, is a big 'no,'" he notes. "This can be a significant factor in victims deciding to pay ransom demands, with businesses looking to avoid being publicly shamed and called out by ransomware actors."
State-sponsored ransomware threats also pose a big threat to the region, notes James Pickard, head of security testing at IT-Governance. "With the additional geopolitical conflicts exacerbating these vulnerabilities, organizations may become targets for disruption or data access by state-sponsored actors or cybercriminal groups taking advantage of the situation," Pickard says.
Cybersecurity also can be less of a priority for some nations in the region. Anna Collard, senior vice president of content strategy & evangelist at KnowBe4, says wider economic challenges in Africa may explain less focus on cybersecurity, which they may perceive as non-business-critical task.
"One of the biggest challenges we are faced with in this region is the lack of priority by governments, a relatively low level of general cyber awareness as well as a lack of IT and cybersecurity skills," Collard explains. "2023 has been a difficult year for Subsaharan Africa's economy, with growth slowing to 3.3% from 4% in 2022."
Group-IB's ransomware findings are consistent with recent reports blaming ransomware-as-a-service for an increased threat to businesses in Nigeria, for example.
Don't Pay the Ransom
Group-IB found that ransomware attacks worldwide are growing — up in Europe by 52%, APAC (39%) and most markedly, doubling in North America (up 109%).
Ransomware is a global problem that requires constant innovation from cyber professionals, according to Guy Golan, CEO, Performanta.
"Africa must be aware of the cyber threats it faces. Government and businesses need to put robust processes in place designed to protect sensitive data and inform businesses on how to correctly respond to a ransomware attack," Golan says. "As technology access grows across the continent, businesses must ensure any transformation away from vulnerable legacy systems is done so with best practices in mind, reducing the risk of data loss or malicious access."
The number of companies in the MEA region going through digital transformation projects is creating "greater opportunities for cybercriminals to find exploits and launch ransomware attacks," according to Group-IB.
"Given that ransomware groups are financially motivated cybercriminals, the region's most developed economies (such as Turkey, the GCC, South Africa, Israel) make up the most targeted locales," according to Ivan Pisarev, head of threat intelligence at Group-IB.
Pisarev advises that victims do not pay ransomware attackers in order to break the cycle of their economic gains. In addition, "proactive investments in preventive measures and robust cybersecurity strategies are vital" for organizations to protect their assets from ransomware threats, according to Pisarev.
"We also recommend that MEA-based governments and organizations work together with leading cybersecurity vendors to strengthen overall benchmarks, as public-private sector collaboration, as well as joining efforts with law enforcement agencies that operate in the region, such as AFRIPOL, are crucial in this fight," he says.
Read more about:
DR Global Middle East & AfricaAbout the Author
You May Also Like
Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024