Ransomware-as-a-Service (RaaS) affiliates are fueling a huge wave of ransomware attacks in the Middle East and Africa (MEA).
In the MEA region, information stolen from 205 companies appeared on ransomware data leak sites – a 68% increase from the 122 companies victimized the previous year, according to a new report from Group-IB.
The latest hi-tech crime trends from Group-IB The study shows that financial services were the main target, accounting for 13% of victims, followed by real estate and manufacturing sectors, which accounted for 9% of attacks.
The main locations targeted in the MEA region last year were Israel (14 attacks), Turkey (12) and the Gulf region (8).
Evil twin menace
Ransomware developers commonly sell or rent their products to affiliates who then insert the malware into targeted organizations, exploiting software vulnerabilities or through phishing attacks. This so-called ransomware as a service The business model brings a large pool of less-skilled cybercriminals into play, increasing the overall threat.
Ransom demands to victims are often accompanied by a secondary scam that involves threatening victims with making their confidential files public, which often poses a serious reputational risk.
Organizations in the Middle East and Africa with less mature security controls and expertise are particularly vulnerable to the operational and reputational risks posed by ransomware.
“The maturity of security practices and standards in Middle Eastern and African countries varies, which means there are targets that can easily be breached,” says Christiaan Beek, senior director of threat analysis at Rapid7.
Beek says the cultures of some nations, including Qatar, the United Arab Emirates, Saudi Arabia, South Africa and Turkey, are particularly sensitive to public shaming by ransomware authors. “So the fact that a company, especially one based in the Middle East, is listed on a ransomware leak site is a big ‘no,’” he notes. “This may be a significant factor in victims deciding to pay ransom demands, with companies seeking to avoid being publicly shamed and sued by ransomware authors.”
State-sponsored ransomware threats also pose a big threat to the region, notes James Pickard, head of security testing at IT-Governance. “With further geopolitical conflicts exacerbating these vulnerabilities, organizations could become targets of disruption or data access by state-sponsored actors or cybercriminal groups taking advantage of the situation,” Pickard says.
Cybersecurity may also be a lower priority for some nations in the region. Anna Collard, senior vice president of content strategy and evangelist at KnowBe4, says broader economic challenges in Africa may explain less focus on cybersecurity, which may be perceived as a non-business-critical task.
“One of the biggest challenges we face in this region is a lack of priority from governments, a relatively low level of overall cyber awareness, as well as a lack of IT and cybersecurity skills,” explains Collard. “2023 was a difficult year for the sub-Saharan African economy, with growth slowing to 3.3% from 4% in 2022.”
Group-IB ransomware findings are consistent with recent reports for example, blaming ransomware-as-a-service for a growing threat to businesses in Nigeria.
Don’t pay the ransom
Group-IB found that ransomware attacks around the world are growing: in Europe by 52%, APAC (39%) and, most markedly, doubling in North America (+109%).
Ransomware is a global problem that requires constant innovation from IT professionals, according to Guy Golan, CEO of Performanta.
“Africa needs to be aware of the cyber threats it faces. Government and businesses need to put in place robust processes designed to protect sensitive data and inform companies how to properly respond to a ransomware attack,” says Golan. “As access to technology grows across the continent, companies must ensure that any transformation from vulnerable legacy systems is done with best practices in mind, reducing the risk of data loss or malicious access.”
According to Group-IB, the number of companies in the MEA region undergoing digital transformation projects is creating “increased opportunities for cybercriminals to find exploits and launch ransomware attacks.”
“Given that ransomware groups are financially motivated cybercriminals, the most developed economies in the region (such as Turkey, GCC, South Africa, Israel) constitute the most targeted locations,” according to Ivan Pisarev, head of threat intelligence at Group-IB.
Pisarev advises victims not to pay ransomware attackers to break the cycle of their economic gains. Additionally, according to Pisarev, “proactive investments in preventative measures and robust cybersecurity strategies are vital” for organizations to protect their assets from ransomware threats.
“We also recommend that governments and organizations based in the MEA collaborate with leading cybersecurity vendors to strengthen overall benchmarks, as public-private sector collaboration, as well as joint efforts with law enforcement operating in the region, such as AFRIPOL, are crucial in this fight,” he says.