Presented by Orange Cyberdefense

Shift in ransomware attacks – South Africa and emerging markets more at risk

 ·30 Jan 2023

Malicious parties are changing their focus from North America to regions like Europe, Asia, and South Africa when it comes to Cyber Extortion.

This is one of the most fascinating findings from the ground-breaking Security Navigator report published by Orange Cyberdefense in December 2022.

“This could be because the US has increased its pressure on cyber criminals – and new markets present a less-risky opportunity for threat actors” explains Charl van der Walt, Head of Security Research at Orange Cyberdefense and the lead author of the report.

“Large, English-speaking countries have always been the most impacted by Cyber Extortion. This is primarily because of the size of their economies. The bigger the economy, the more businesses, the more potential victims, the more compromised victims.”

“This however started changing in 2021 and has continued to do so throughout 2022.”

“We observed a drop in US based volumes of 8% in the last 12 months, and a notable drop of 32% for victims in Canada.”

“The location of victims seems to be shifting – from the US and Canada, through the UK and Western Europe, and toward the rest of the world, including South Africa.”

“The EU and the UK saw their cyber extortion victims grow by 18% and 21%. The most significant growth, however, can be seen in Africa (+50%), the Middle East (+79%) and South Asia (+100%).”

This, he says, may be due to the high level of attention attacks against businesses in the US have attracted from Intelligence Agencies, Regulators and Law Enforcement and may be causing actors to ‘hold back’ on compromising or extorting victims in the USA, Canada and the UK.

“Some countries may therefore be able to manage the flow of victims in their backyards, but to the extent that they succeed, we anticipate the crime will only spill over to other, smaller and non-anglophone countries.”

“We use the term Cyber Extortion as a more accurate description of the crime than ransomware. ‘Ransomware’ refers to a form of malware sometimes used to underpin this kind of crime, not the form of the crime itself. The crime in question doesn’t depend on this kind of malware either.”

“Given this shift away from malware to simple data theft or denial of service (DoS), the use of the term ransomware doesn’t cover the actual crimes being committed, from access to computers, theft of data and ultimately, some kind of extortion.” clarified Charl van der Walt.

Threat Intelligence Webinar

Van der Walt will be sharing his observations and insights into the global threat landscape in an exclusive webinar unpacking the report on Feb 1st.

The online briefing will cover topics like:

  • Quo vadis, Ransomware? The cyber extortion (Cy-X) landscape is shifting. Who “benefits” and who is at risk now?
  • Vulnerabilities galore: How do businesses keep up with the flood of patches and weaknesses they encounter every day?
  • Telling a better story: How the VERIS categorisation helps us to understand and quantify cyber risks better.

There will be two identical sessions on Wednesday, 1 February – one at 11:00 and another at 18:00 with the recording being shared with those who’ve registered after the webcast.

If you work in the IT or Information Security industry, this is a can’t-miss online event designed to share valuable insights into the fast evolving cyber threat landscape and the nature of cybercrime to help inform your security strategies for the year ahead.

Orange Cyberdefense is the expert cyber security business unit of the Orange Group, providing managed security services, managed threat detection & response services to organisations around the globe. Orange Cyberdefense South Africa is headquartered in Pretoria and has been operating since 2000.

Subscribe to our daily newsletter