05 Dec Sophos reveals more organisations in Africa threatened by ransomware

Sophos, global cybersecurity leader, revealed that ransomware remains one of the greatest cybercrime threats to organisations in Africa.

The firm disclosed the information in a recent Threat Report. The report details how the cyber threat landscape has reached a new level of commercialisation and convenience for would-be attackers, with nearly all barriers to entry for committing cybercrime removed through the expansion of cybercrime-as-a-service.

The report said: “Criminal underground marketplaces like Genesis have long made it possible to buy malware and malware deployment services “malware-as-a-service”, as well as to sell stolen credentials and other data in bulk. Over the last decade, with the increasing popularity of ransomware, an entire “ransomware-as-a-service” economy sprung up.

“Now, in 2022, this “as-a-service” model has expanded, and nearly every aspect of the cybercrime toolkit, from initial infection to ways to avoid detection, is available for purchase.

“With the expansion of the “as-a-service” economy, underground cybercriminal marketplaces are also becoming increasingly commodified and are operating like mainstream businesses.

“Cybercrime sellers are not just advertising their services but are also listing job offers to recruit attackers with distinct skills.

“Some marketplaces now have dedicated help-wanted pages and recruiting staff, while job seekers are posting summaries of their skills and qualifications.

“As the cybercrime infrastructure has expanded, ransomware has remained highly popular and profitable.

“Over the past year, ransomware operators have worked on expanding their potential attack service by targeting platforms other than Windows while also adopting new languages like Rust and Go to avoid detection. Some groups, most notably Lockbit 3.0, have been diversifying their operations and creating more “innovative” ways to extort victims.

“The evolving economics of the underground has not only incentivised the growth of ransomware and the “as-a-service” industry, but also increased the demand for credential theft.

“With the expansion of web services, various types of credentials, especially cookies, can be used in numerous ways to gain a deeper foothold in networks. Credential theft also remains one of the easiest ways for novice criminals to gain access to underground marketplaces and begin their “career.”