The industry consensus about ransomware is that it’s not going away anytime soon, evidenced by the consistent growth of ransomware attacks over the past decade. We’ve seen some of the biggest ransomware attacks in history — including the JBS, Colonial Pipeline, and Equifax breaches — over the last five years. What’s more, between 2023 and 2024, there was an 81% year-on-year jump in the number of recorded ransomware attacks, according to cybersecurity research firm Black Kite.
And according to a report earlier this year by cybersecurity research firm Performanta, ransomware gangs have a new strategy: Ransomware-as-a-Service (RaaS) organizations are focusing on African nations as initial targets for nation-state attacks before launching malicious campaigns in more developed climes.
But what makes Africa a choice destination for these so-called “RaaS gangs,” and what does this mean for the burgeoning economies on the continent?
Why Africa?
The booming economies of Africa, rich in natural resources and brimming with potential, are attracting not just investors, but also cybercriminals. Performanta’s report, which shows that Africa is increasingly becoming a testing ground for ransomware attacks, raises serious concerns for the continent’s future and underscores the urgent need for collaboration between African states, corporations, and the West.
One draw for the cyber gangs is the continent’s overall low levels of cybersecurity strategy at the national level. In the 2024 edition of the United Nations International Telecommunication Union’s Global Cybersecurity Index, only nine out of 44 countries in Africa qualified for the first or second tier of cybersecurity maturity. While this is an improvement over the previous report’s rankings, that still leaves swathes of the continent less prepared.
Funsho Richard, a senior cybersecurity analyst and consultant, agrees with Performanta’s findings. “Africa’s potential for profitable attacks amidst its digital growth is a magnet for cybercriminals,” he says. Ransomware gangs and nation-state actors are exploiting the continent’s weaker cybersecurity defenses to refine their methods in a “lower-risk environment” before launching attacks on better-secured developed nations.
This approach makes perfect sense from the attackers’ perspective. As Gal Nakash, co-founder and CPO at identity-based SaaS security company Reco, explains, “Building a sophisticated testing environment for a campaign is challenging. Leveraging less interesting or poorly secured victims is more effective and increases the likelihood of remaining undetected by security tools.”
In June, South Africa’s National Health Laboratory Service (NHLS) confirmed it was dealing with a ransomware attack that significantly affected the dissemination of lab results as the country responds to an outbreak of mpox (previously known as monkeypox). The NHLS runs 265 laboratories across South Africa that provide testing services for public healthcare facilities in the country’s nine provinces. The spokesperson declined to say which ransomware group was behind the incident or whether a ransom was paid.
Signs and Guardrails
So, how can African businesses identify these potential “ransomware testing” campaigns? Richard points out that, unlike traditional ransomware attacks that target specific industries like finance or energy, these campaigns might target a wider range of businesses.
Traditionally, ransomware gangs have a well-defined appetite: high-value sectors like finance, manufacturing, and energy. A recent surge in attacks targeting a wider range of businesses across various industries in Africa could be a red flag, indicating a testing campaign in progress. Performanta’s research also validates this concern. The report reveals a “large increase in financial/banking trojans with a 59% increase in Kenya and a 32% increase in Nigeria across a single quarter,” suggesting gangs are casting a wider net.
Performanta’s report suggests African organizations may not be fully prepared for this shift in attack tactics. While Nakash expresses confidence in the capabilities of modern cybersecurity solutions like extended detection and response/endpoint detection and response (XDR/EDR), he acknowledges a lack of widespread adoption. But he says that businesses that regularly update their cybersecurity controls and policies can stop attackers dead in their tracks.
“This includes maintaining visibility into their entire network environment, encompassing cloud, SaaS (Software-as-a-Service), on-premises infrastructure, and all the applications they use daily. Critical applications should be mapped, and robust policies and alert notifications should be set up to identify and address any violations or misconfigurations that could create potential security vulnerabilities,” Nakash says.
However, spotting the wider trend of test campaigns requires national coordination and strategy, as well as regional cooperation. The Africa Center for Strategic Studies cites several regional initiatives, such as Afripol, but warns that only 17 countries on the continent even have a national cybersecurity strategy.
Building a Strong Defense
What businesses on the continent need to stay cyber safe is a foundational approach — doing the basic things the right way. “Organizations need thorough visibility into their entire network environment, including cloud and on-premises infrastructure,” Nakash says. Ensuring that all configurations adhere to best security practices and setting up alert notifications for any suspicious activity are essential steps to prevent potential threats.
The fight against cybercrime requires a united front. Guy Golan, executive chairman and CEO at Performanta, emphasizes this point, noting, “The West and Africa must implement long-term collaborative efforts to build a strong defense against this threat.” By sharing knowledge, resources, and best practices, both continents can work together to create a more secure digital landscape for all.
Building resilience against these attacks isn’t just about protecting individual businesses; it’s about safeguarding the future of Africa’s booming digital economy. “The solution lies in long-term collaborative efforts. Only then can we effectively combat this growing threat,” says Richard.
The use of Africa as a testing ground for ransomware attacks is a troubling development that shows the need for enhanced cybersecurity measures across the continent. By understanding the trends and characteristics of these attacks, businesses can better prepare and protect themselves. Collaboration between nations, coupled with the adoption of advanced security technologies, is key in combating the growing global threat of ransomware.