Ransomware attacks continue to escalate across Africa, and Nigeria has been ranked third on the continent with 3,459 ransomware threat detections in 2024.
This is according to the newly released 2025 Africa Cyberthreat Assessment Report by INTERPOL, which highlights how cyber-enabled criminal activity is evolving rapidly across the continent..
Data from the international criminal police organization’s private sector partners shows a notable rise in monthly ransomware detections in 2024. This increase reflects how Africa’s growing digital landscape is becoming a target for sophisticated cybercrime operations.
INTERPOL’s findings show that highly digitized economies are the most impacted.
Nairametrics reported that cybercrime now accounts for over 30% of all reported crimes in West and East Africa.
Here are the top 10 African countries by the number of ransomware detections in 2024:
- Egypt – 17,849 ransomware threat detections
- South Africa – 12,281 detections
- Nigeria – 3,459 detection
- Kenya – 3,030 detections
- Gambia – 1,729 detections
- Ghana – 1,671 detections
- Tunisia – 1,232 detections
- Algeria – 1,117 detections
- Morocco – 1,076 detections
- Ethiopia – 953 detections
The INTERPOL report identifies online scams, BEC, ransomware, and sextortion as the continent’s most dangerous cyberthreats. However, the methods and impact vary significantly based on each region’s infrastructure, security protocols, and digital literacy
Some of the digital disruptions
Ransomware attacks caused substantial financial and operational damage across Africa in 2024, affecting key sectors including finance, energy, infrastructure, government, and telecommunications.
One of the most notable incidents was the cyber heist at Nigerian fintech company Flutterwave, where hackers reportedly stole approximately $7 million in April. According to the report, in many cases, ransom demands ranged from tens of thousands to millions of dollars, typically in cryptocurrency, leaving organizations burdened by recovery costs, business downtime, and lost revenue.
Beyond the immediate thefts, many organizations suffered operational setbacks. Cameroon’s electricity provider, ENEO, experienced power management disruptions, while Kenya’s Urban Roads Authority (KURA) saw its infrastructure data breached.
Government agencies were also targeted, including Kenya’s Micro and Small Enterprise Authority (MSEA) and Nigeria’s National Bureau of Statistics (NBS), both of which were attacked in December 2024.
In South Africa, the Department of Defence fell victim to the Snatch ransomware group, losing 1.6 terabytes of sensitive data, including contact information for the country’s president.
The telecoms sector was not spared. Telecom Namibia suffered a major breach affecting over 619,000 clients and exposing 626.3 GB of data, including more than 492,000 files tied to individuals, businesses, and government institutions.
Major ransomware gangs
Among the key perpetrators identified is LockBit, a notorious Ransomware-as-a-Service (RaaS) syndicate.
- LockBit was responsible for several ransomware operations in Africa in 2024, including the high-profile attack on South Africa’s Government Employees Pension Fund (GEPF).
“One of the most prominent was LockBit, a prolific Ransomware-as-a-Service (RaaS) gang that remained highly active throughout the year,” the report notes.
Despite a temporary disruption of its operations due to international law enforcement seizures, LockBit quickly re-emerged and continued to leak or repost victim data, worsening the impact of its attacks.
- Another prominent ransomware actor is Hunters International (Hunters), which specifically targets telecom, government, and financial institutions across Africa.
In July 2024, Hunters breached Kenya’s Urban Roads Authority (KURA), stealing approximately 18 GB of data. They struck again in December, attacking Telecom Namibia and leaking sensitive customer information.
Hunters employs a stealthy approach, quietly exfiltrating data before encrypting systems; victims who refuse ransom demands see their data publicly leaked, causing significant operational disruptions and eroding public trust.
- BlackSuit, an extortion-oriented ransomware group known for targeting major organizations globally, demonstrated its ruthlessness by attacking South Africa’s National Health Laboratory Service (NHLS) in June 2024.
This severe incident disrupted diagnostics for millions of medical tests, forced cancellations of critical surgeries, and compromised more than 1 TB of highly sensitive data, starkly illustrating ransomware’s potential to threaten human health and safety.
The GEPF breach reportedly affected millions of individuals and underscored the severe risks associated with this group’s activities.
