Ransomware attacks are on the rise across Africa, with Nigeria emerging as one of the most targeted countries in 2024, according to a new cybercrime threat assessment by INTERPOL.
The 2025 Africa Cyberthreat Assessment Report, released by the global policing organisation, places Nigeria third on the continent with 3,459 ransomware threat detections recorded last year. The report underscores the escalating scale and sophistication of cyber-enabled crimes affecting public and private institutions across Africa’s increasingly connected digital landscape.
Drawing from intelligence provided by private sector partners, the report reveals a sharp uptick in monthly ransomware detections throughout 2024. This trend, INTERPOL notes, reflects a broader pattern of organised cybercriminals exploiting the region’s expanding online infrastructure.
The top 10 African countries most affected by ransomware in 2024, according to the report, are:
• Egypt – 17,849 detections
• South Africa – 12,281 detections
• Nigeria – 3,459 detections
• Kenya – 3,030 detections
• Gambia – 1,729 detections
• Ghana – 1,671 detections
• Tunisia – 1,232 detections
• Algeria – 1,117 detections
• Morocco – 1,076 detections
• Ethiopia – 953 detections
The report identifies online scams, business email compromise (BEC), ransomware, and sextortion as the most severe cyberthreats confronting African nations. However, it highlights that the scope and consequences of these threats often vary, depending on local digital infrastructure, cybersecurity maturity, and public awareness.
Ransomware: Sector-wide impact across Africa
In 2024, ransomware attacks inflicted significant financial and operational harm across key sectors—particularly finance, energy, infrastructure, government, and telecommunications, INTERPOL reports.
In April, the report says that Nigerian fintech company Flutterwave became the target of a major ransomware attack. It notes that “as the cyber heist at the Nigerian fintech firm Flutterwave in April, which reportedly diverted around USD 7 million,” ransomware disruptions led to “lost revenue, reduced productivity, halted commerce, and sizable recovery expenses.” The incident reflects a broader trend of cybercriminals demanding ransoms ranging from tens of thousands to millions of dollars—often in cryptocurrency
In April, the report says that Nigerian fintech company Flutterwave became the target of a major ransomware attack. It notes that “as the cyber heist at the Nigerian fintech firm Flutterwave in April, which reportedly diverted around USD 7 million,” ransomware disruptions led to “lost revenue, reduced productivity, halted commerce, and sizable recovery expenses.” The incident reflects a broader trend of cybercriminals demanding ransoms ranging from tens of thousands to millions of dollars—often in cryptocurrency
Infrastructure across several countries was also affected. In Cameroon, national electricity provider ENEO faced power management disruptions, while Kenya’s Urban Roads Authority (KURA) suffered a significant data breach.
Government institutions were not spared either. In December 2024, attackers struck Kenya’s Micro and Small Enterprise Authority (MSEA) and Nigeria’s National Bureau of Statistics (NBS), according to the report.
South Africa’s Department of Defence also fell victim to a devastating breach by the Snatch ransomware group, resulting in the loss of 1.6 terabytes of sensitive data, including contact details of high-ranking officials such as the country’s president.
The telecommunications industry recorded one of the year’s most damaging incidents when Telecom Namibia experienced a major breach. More than 619,000 clients were affected, with 626.3 GB of data compromised—spanning over 492,000 files linked to individuals, businesses, and government agencies.
Cyber gangs behind the attacks
INTERPOL’s assessment spotlights three major ransomware groups operating across Africa.
LockBit, described as a “prolific Ransomware-as-a-Service (RaaS) gang,” was behind multiple ransomware campaigns in 2024. One of its most notable targets was South Africa’s Government Employees Pension Fund (GEPF).
“One of the most prominent was LockBit, a prolific Ransomware-as-a-Service (RaaS) gang that remained highly active throughout the year,” the report stated.
Although international law enforcement briefly disrupted its operations, LockBit resumed its activities, intensifying the harm by continuing to leak stolen data from victims.
Another significant actor is Hunters International (Hunters), which specialises in targeting telecoms, financial institutions, and government bodies across the continent. In July 2024, the group breached Kenya’s KURA, exfiltrating 18 GB of data. They returned in December to attack Telecom Namibia, releasing highly sensitive client information.
According to the report, Hunters often adopt a covert approach—stealing data silently before locking systems and demanding ransoms. Victims who decline to pay are subjected to public data leaks, resulting in major operational disruptions and damaged trust.
Meanwhile, BlackSuit, an extortion-driven ransomware group, demonstrated the severe risks these gangs pose to public health. In June 2024, BlackSuit attacked South Africa’s National Health Laboratory Service (NHLS), interrupting millions of medical tests, delaying urgent surgeries, and compromising over 1 terabyte of critical health data.
The attack on the GEPF, the report says, had far-reaching consequences, affecting millions of South Africans and highlighting the grave impact of unchecked ransomware threats.
Home
