Ransomware attacks are escalating rapidly across Africa, with Nigeria ranking third on the continent after Egypt and South Africa, recording 3,459 threat detections in 2024 alone.
This is according to INTERPOL’s newly released 2025 Africa Cyberthreat Assessment Report, which reveals that cyber-enabled crimes are evolving at an alarming rate. Data from INTERPOL’s private sector partners indicates a sharp increase in monthly ransomware detections, highlighting how Africa’s expanding digital ecosystem is becoming a prime target for sophisticated cybercriminal networks.
Highly digitized economies bore the greatest brunt of these threats. In West and East Africa, cybercrime now accounts for over 30% of all reported crimes, according to Nairametrics.
Top 10 African Countries by Ransomware Detections (2024):
1. Egypt – 17,849
2. South Africa – 12,281
3. Nigeria – 3,459
4. Kenya – 3,030
5. Gambia – 1,729
6. Ghana – 1,671
7. Tunisia – 1,232
8. Algeria – 1,117
9. Morocco – 1,076
10. Ethiopia – 953
INTERPOL identified online scams, business email compromise (BEC), ransomware, and sextortion as Africa’s most prevalent cyberthreats. However, their impacts vary across regions, depending on each country’s infrastructure, cybersecurity frameworks, and digital literacy levels.
Major Disruptions and Financial Damage : In 2024, ransomware attacks caused significant financial losses and operational disruptions across vital sectors such as finance, energy, infrastructure, government, and telecommunications.
Notable incidents include:
– Flutterwave (Nigeria): Hackers reportedly stole $7 million from the fintech giant in April.
-ENEO (Cameroon): Experienced disruptions in power management.
-Kenya’s Urban Roads Authority (KURA): Suffered infrastructure data breaches.
-Nigeria’s National Bureau of Statistics (NBS) and Kenya’s Micro and Small Enterprise Authority (MSEA): Both government agencies were attacked in December 2024.
-South Africa’s Department of Defence: Lost 1.6 terabytes of sensitive data, including presidential contact details, to the Snatch ransomware group.
-Telecom Namibia: Experienced a breach affecting over 619,000 clients, with 626.3 GB of personal and institutional data leaked.
-Ransom demands often ranged from tens of thousands to millions of dollars, usually paid in cryptocurrency, leaving organizations struggling with recovery costs, prolonged downtimes, and lost revenues.
Key Ransomware Gangs Driving Africa’s Cyber Crisis
– LockBit
– A notorious Ransomware-as-a-Service (RaaS) syndicate.
– Conducted several attacks across Africa, including on South Africa’s Government Employees Pension Fund (GEPF).
– Despite a temporary operational disruption following global law enforcement seizures, LockBit quickly resurfaced, resuming data leaks and worsening victims’ crises.
Hunters International
Targets telecom, government, and financial institutions.
July 2024: Breached Kenya’s KURA, stealing 18 GB of data.
December 2024: Attacked Telecom Namibia, leaking sensitive customer information. Known for quietly exfiltrating data before encrypting systems; refusal to pay ransoms results in public data leaks, causing severe operational and reputational damage.
An extortion-oriented ransomware group targeting large organizations globally.
June 2024: Attacked South Africa’s National Health Laboratory Service (NHLS), disrupting diagnostics for millions of tests, cancelling critical surgeries, and compromising over 1 terabyte of sensitive medical data, threatening public health and safety.
Conclusion
Africa’s ransomware crisis underscores the urgent need for enhanced cybersecurity infrastructure, proactive threat monitoring, and digital literacy programmes to protect key sectors and populations from mounting cyber threats.
Credit: Nairametrics
Discover more from Ayobami Blog
Subscribe to get the latest posts sent to your email.
