Why Ransomware Could Surge in the Middle East & Africa

Published: 23/11/2024   Category: security



Organizations from the Middle East and Africa have typically escaped public ransoms, but that's changing amid heightened geopolitical conflicts and digitalization initiatives.



Cybercrime — and especially ransomware — traditionally have had an uneven impact across the Middle East and Africa (ME&A), yet recent data suggests that ongoing geopolitical conflicts will likely raise the overall level of cyberattacks across the regions.
South Africa saw a significant surge in attacks, with 78% of companies hit by ransomware in 2023, compared to 51% in 2022, according to the State of Ransomware 2023 report published by Sophos earlier this year.
However, the United Arab Emirates (UAE), for example, saw 70% fewer ransomware attacks in 2022, compared to the previous year, following greater international cooperation, according to statements by UAE government officials.
Cyber operations, including ransomware, will likely expand, as the ongoing conflict between Israel and Palestinians raises tensions in the region, much in the same way that Russia's invasion of Ukraine spurred greater attacks, says Jens Monrad, head of threat intelligence for the Europe, ME&A region at Google Mandiant.
"Cyber is now playing a role in any sort of geopolitical conflict, because it's a domain that ... comes with less cost and brings uncertainty, in terms of attribution," he says, adding that activity will likely continue to escalate. "We haven't really figured out how to draw a clear red line in the cyber domain. The line keeps being pushed, rather than somebody saying, 'now you've crossed the line.'"
Ransomware data continues to be scarce in the region. In its Digital Defense Report 2023, Microsoft noted that the top four ransomware families — Magniber, Lockbit, Hive, and Blackcat — accounted for two-thirds (65%) of all ransomware encounters and, of the four groups, only a single one, Blackcat, had extensive targets in a ME&A nation — in this case, Israel, which ranked fifth in that malware's targeted regions.
The trend in the more general category of cyberattacks is clearer: two-thirds of cyberattacks in ME&A targeted either Israel, United Arab Emirates, Saudi Arabia, or Jordan, according to Microsoft's data collected prior to the current Israeli-Palestinian conflict. More than half of the attacks (52%) targeting the region focused on the education, government, information technology, and communications sectors — typical espionage targets.
Surges in cyberattacks typically follow geopolitical conflict. The ME&A is experiencing that trend as well: Attacks conducted by Iran-linked actors, for example, focused on Israel between July 2022 and June 2023, a shift from the previous 12 months in which Iranian actors focused on the United States. The shift followed a highly sophisticated campaign of cyberattacks in 2021 and 2022 by an Israel-linked group, dubbed Predatory Sparrow, which had targeted Iran's critical infrastructure, including steel factories, state broadcasters, gas stations, and trains, Microsoft stated in its report.
"Iran's cyber-enabled influence operations have pushed narratives that seek to bolster Palestinian resistance, sow panic among Israeli citizens, foment Shiite unrest in Gulf Arab countries, and counter the normalization of Arab-Israeli ties," Microsoft stated in the report. "While specific narratives varied, the underlying goal was often the same. Tehran likely sought to retaliate against what it perceived were efforts by foreign actors to foment unrest in Iran."
Some of Iran's claimed attacks, however, have been exaggerated, according to Microsoft. And, while Iran-linked groups are some of the most active, the Palestinian-linked Molerats group recently used an improved downloader as part of its initial access operations.
Russian interests in ME&A may have a dampening effect on ransomware activity, since many ransomware groups operate out of Russia, says Mandiant's Monrad.
"I think it's a fair argument to say that these groups are also carefully vetting their victims to ensure that they don't endanger or put themselves at risk," he says. "If they engage in extortion schemes in countries where there are stronger diplomatic and trade relations ... you could potentially expect a political response to [the victims] asking Russia to do something."
Overall, companies in the region need to improve their cybersecurity maturity, says Brian Honan, CEO of BH Consulting, an independent cybersecurity and data-protection consulting firm based in Dublin that has clients in the Middle East.
"Where the Middle Eastern area struggles is their cybersecurity may not be as mature or have as much investment as in other regions," he says. "Many of the bigger organizations will have good cybersecurity in place, but in general, [they are] more vulnerable than their western counterparts."
Overall, 65% of CISOs in the Kingdom of Saudi Arabia and 47% in the UAE had a material loss of sensitive information in the past 12 months, according to the 2023 Voice of the CISO report published by security firm Proofpoint earlier this year.
Companies in the ME&A region are aiming to improve, however. Attacks on connected devices and cloud-related threats are the top cyberthreats for companies in the Middle East, according to a regional survey conducted for PricewaterhouseCoopers' Digital Trust Insights 2024 report. The worries are leading more than three-quarters of firms (77%) to increase their cyber budgets in 2024, according to the consultancy.
"Increasing digitization means companies are exposed to new digital vulnerabilities, making an effective approach to cybersecurity and digital trust more important than ever," PwC stated in the report, adding: "Middle East respondents revealed that loss of revenue — in terms of lost contracts, lost business opportunities — was the top concern for the outcomes of potential cyber attack in the next 12 months."
Companies still have to strive to do the cybersecurity basics. More than 80% of all compromises started with an unmanaged device, Microsoft stated in its Digital Defense Report 2023.
