Nigeria’s digital economy is increasingly exposed to ransomware attacks as cybercriminal groups deploy artificial intelligence (AI) and exploit overlooked system vulnerabilities to breach financial, manufacturing and government systems, according to global cybersecurity firm Kaspersky.
The cybersecurity company’s Global Research and Analysis Team (GReAT) says it is currently tracking 25 active advanced persistent threat (APT) groups across the Middle East, Turkiye and Africa (META) region, with Nigeria now flagged as a growing hotspot due to systemic cyber defence gaps.

“While ransomware initially gained limited traction in Africa due to lower levels of digitisation and economic constraints, the tide is turning,” Kaspersky reports. “As digital economies grow in Nigeria and South Africa, cybercriminals are scaling their attacks — particularly targeting the manufacturing, financial, and public sectors.”
Presenting its findings during the 2025 Cyber Security Weekend for META, Sergey Lozhkin, Head of META and APAC regions in GReAT, says attackers are evolving rapidly. “Ransomware groups continue to adopt new techniques, such as cross-platform ransomware, self-propagation capabilities, and even zero-day vulnerabilities previously associated only with APT actors,” he says.

Nigeria records high exposure rates
Kaspersky data for the first quarter of 2025 reveal that Nigeria and South Africa record the fourth-highest web incident rate in the META region, with 17.5% of users affected by online threats.
The company attributes the increase in Nigeria’s exposure to limited cybersecurity resources, low awareness, and reliance on outdated systems — factors that leave many organisations vulnerable to attack.
Emerging threats driven by AI and automation
Kaspersky notes a major shift in ransomware tactics, with cybercriminals leveraging AI tools, including large language models (LLMs) and robotic process automation (RPA), to automate and enhance malware development.
A notable example is FunkSec, a ransomware group that emerged in late 2024 and quickly outpaced more established players such as Cl0p and RansomHub. Operating under a Ransomware-as-a-Service (RaaS) model, FunkSec uses AI-generated code and issues low-cost ransom demands to expand its reach.
“The group’s use of AI-generated ransomware code, complete with detailed comments likely written by LLMs, marks a new phase in the evolution of cyber threats,” Kaspersky says.
In another development, the Akira group is reportedly using webcams to bypass endpoint detection and response (EDR) systems, highlighting attackers’ growing preference for unconventional entry points, including Internet of Things (IoT) devices and outdated smart appliances.
Regional APT groups and tactics
GReAT researchers say APT groups such as SideWinder, Origami Elephant, and MuddyWater remain active across the region, focusing on high-value targets including government, military, and diplomatic institutions.
“These groups rely on sophisticated tactics like spear-phishing, exploit chaining, and supply chain attacks,” Kaspersky warns. “Their capabilities are increasingly being adopted by cybercriminals via RaaS platforms.”
Lozhkin adds: “Cybercriminals are targeting unmonitored and outdated systems — IoT devices, smart appliances, and misconfigured enterprise hardware — which often fall outside standard security coverage.”
Security measures urged for Nigerian organisations
In response, Kaspersky is urging Nigerian organisations to strengthen their cybersecurity posture by implementing multilayered defences and investing in cyber resilience.
“To stay secure, organisations need up-to-date systems, network segmentation, real-time monitoring, robust backups, and continuous user education,” Lozhkin advises.
Other best practices recommended by Kaspersky include:
- Keeping software updated across all devices;
- Monitoring outbound traffic for suspicious data transfers;
- Establishing offline backups immune to tampering;
- Training security teams with current threat intelligence;
- Deploying endpoint ransomware protection tools.






















