Recent Ransomware Group Activities in Africa
In recent years, there has been a significant increase in ransomware attacks in Africa, with ransomware-as-a-service being a popular choice among cybercriminals. Ransomware-as-a-service is a business model where cybercriminals rent ransomware infrastructure from other cybercriminals to launch attacks.
One of the recent ransomware attacks in Africa was the WannaCry attack in May 2017, which affected numerous organizations in more than 150 countries. The attack was particularly devastating in Africa, where many organizations still rely on outdated software and operating systems.
Another notable ransomware attack in Africa was the Petya attack in June 2017, which affected organizations in Ukraine, Russia, and other countries, including some in Africa. The attack targeted vulnerable systems, including those running outdated software and operating systems.
In addition, in October 2019, a ransomware-as-a-service group called “GandCrab” reportedly targeted various organizations in South Africa, demanding payments in Bitcoin.
More recently, we have seen the ALPHV and LockBit groups working tirelessly in Africa, targeting sectors such as insurance, financial services, telecommunications, construction and engineering, retail, and entertainment. The affected organizations span African countries including South Africa, Nigeria, Angola, Mauritius, and Kenya. This activity highlights the growing trend of ransomware-as-a-service attacks in Africa.
To mitigate the risk of falling victim to ransomware attacks, organizations in Africa need to implement proper cybersecurity measures: threat intelligence and threat hunting, with IoCs enriched from trending attacks; regular software updates, which include patching zero-days and vulnerabilities exploited in the wild as well as applying regular patches; robust firewalls; and employee training on how to recognize and avoid phishing emails.
In conclusion, ransomware attacks are becoming increasingly prevalent in Africa, and organizations need to be proactive in protecting their systems and data. Failure to do so could result in devastating consequences, including financial loss and damage to an organization’s reputation.