Africa's unusual ransomware pattern

also ft; can a telco achieve the African data dream?

Olatunji Olaigbe

and

Olatunji Alameen

Jul 05, 2025

CybAfriqué is a space for news and analysis on cyber, data, and information security on the African continent.

HIGHLIGHT

On ransomwares

Last week, we tried finding long-term insights in all Interpol’s Africa Cyber Assessment Report editions. This week, we're taking a harder look at one term that keeps coming up: ransomware. Between the 2021 and 2025 editions of the report, ransomware has increasingly taken a larger spotlight across the continent, especially in countries like South Africa and Egypt.

Insights from four editions of Interpol's Africa Cyber Assessment Report

Olatunji Olaigbe and Olatunji Alameen

Jun 28

Read full story

What is ransomware? It’s when a threat actor kidnaps your tech stack and asks for a ransom. Read this for more.

It’s a bit counterintuitive to think about. Despite a global reduction in ransomware payments, ransomware has “thrived” on a continent with low cyber compliance enforcement or public backlash. There’s little reward incentivizing entities to protect themselves, just as there’s little incentivizing them to pay a ransom in the case of attacks.

Arguably, tech is not indispensable to the operations of a comparable larger percentage of African entities. If you, thinking you’ve found an easy catch, hack the Nigerian Bureau of Statistics and ask for a million dollars for decryption code, experience has shown that they’re less likely to pay that ransom and instead attempt to wait you out or build another system (which agreeably is cheaper than $1M). You’re threatening to release data to the public? Well, good luck, nobody cares. No one’s going to hold them to account, and it has a negligible impact on their public profile.

Interestingly, it’s logistically harder to deploy malware on African systems. Systems are decentralized, internet connection can be unstable. It’s hard for data to move around easily, and that problem transfers to malware, too.

Yet, ransomware attacks offer high returns and, frankly, are the wisest business decision for financially motivated threat actors. It’s comparably harder to defraud businesses, African data sells significantly less on the dark web, and fraud on people is low-return. To compensate, actors mostly target infrastructures. RansomHouse goes after Cell C, the LockBit ransomware gang, and South Africa’s government workers' pension.

Secondly, on a continent considered the cybersecurity weakest link, it’s pretty easy to deploy ransomware. According to the International Telecommunication Union's Global Cybersecurity Index 2024 edition, only nine out of 44 countries in Africa qualify for the first or second tier of cybersecurity maturity. Interpol’s reports also note that there are mostly old and publicly available ransomware programs being used on the continent, denoting a susceptibility point that would not be there if there were just bare minimum cybersecurity practices among victims. Of course, the report does not put it that directly.

The rise of crypto has made ransoms easier to pay. It’s also made it easier for enforcement to track where these payments go. According to TRM Labs, illicit flows go mostly to North Korea, Nigeria, Georgia, the Philippines, and Russia.

Find all editions of Interpol’s Cyber Assessment report here.

Can MTN Telco deliver the African data dream?

Two data center issues this week. On one end, Okra, an African open banking startup, shut down, and shuttling along with it is Nebula by Okra, a cloud solution built for Africans. Nebula was a local cloud solution popular among techies because it allowed them to pay in local currencies, so its shutdown means a lot to folks in a space where a forex crisis has affected the capacity to pay for global cloud platforms. The other news, on the more optimistic end, is MTN Group’s launch of the Dabengwa Data and Cloud Centre, located in Ikeja, Lagos.

The Cloud center is being touted as West Africa's largest pre-fabricated modular data center. If, like us, you’re wondering what that means, you can get a much more thorough understanding here. There are more buzzwords. The center will be “AI-ready,” will seek to be a tier-IV standard, and will allow direct developer access. More importantly, the center will charge in Naira and make compliance with local data regulations much easier. Of course, it will be competing directly with global cloud service providers like Amazon and Google.

It’s hard operating a data center in Africa. Power is unstable, talent is hard to keep, and, lest we forget, connectivity is also unstable — though we’d also assume MTN would know more about that than us. MTN, a telco and ISP itself, is directly in charge of at least one of these crucial problems.

I asked five developer friends if they’d use MTN’s cloud center, and they all had second thoughts, no thanks to the outages and poor customer service they’ve faced using the group’s telco & ISP services.

While the continent is making strides, Africa still has a dearth of data centers. The continent hosts 1% of the world’s data centers. This affects a lot of things, including financial flows, data security, sovereignty, and tech policymaking.

MTN’s goal is not impossible. Some of the continent’s most popular data centers include Teraco in South Africa, Africa Data Center for its pan-African presence, and MainOne for its global pull. Only a few facilities by these providers are Tier IV certified. Most are tier-III. Many of these centers also collect payments in local currencies, but local entities do not patronize them. Perhaps, marketing and public awareness are where MTN is best poised to succeed.

Do you find value in the CybAfriqué newsletter? Share to support the work we do.

ACROSS THE WORLD

OPPORTUNITIES

A guest post by