Cyber attackers are increasingly targeting developing nations, businesses in Africa, Asia, and South America with their latest ransomware variants, using these regions to test how well they work. If the malware works successfully, they will then strike wealthier nations that are protected by more sophisticated security systems. 

Adopting this approach allows them to refine their malicious programs in less secure environments. Because developing nations tend to be behind the curve in relation to cybersecurity. Recent victims of these ransomware tests include a bank in Senegal, a financial services company in Chile, a tax firm in Colombia, and a government economic agency in Argentina. These practice runs help cybercrime gangs perfect their methods before attacking high-value, better-defended targets.

Digitization in the developing world outpaces cybersecurity

Businesses in developing countries often lack cybersecurity awareness, making them easy targets. For example, a cyber gang might first try out a new malware attack in countries like Senegal or Brazil. Where banks have similar IT infrastructure to their western counterparts. This tactic works because these regions generally have lower cybersecurity defenses.

One cyber gang, Medusa, began attacking businesses in 2023 in South Africa, Senegal, and Tonga, stealing and encrypting companies’ data. Medusa went on to carry out 99 breaches in the US, UK, Canada, Italy, and France following the success of their trial runs in Africa. During these tests, users only become aware of an attack only when they are locked out of their systems and instructed to negotiate a ransom on the dark web. If victims refuse, the stolen data is published.

Local cybercriminals want to get in on the game

However, not all cyber gangs are so methodical or have long term goals. Some gangs are opportunistic. Targeting developing countries because local hackers can cheaply acquire ransomware and conduct smaller attacks without needing deep IT security knowledge and experience. Gangs like Medusa will often sell their tools to less sophisticated hackers, who use them against ‘easier’ targets. 

Expanding their reach

Cyber gangs often perfect their methods locally before exporting them to regions with similar languages, such as Brazil to Portugal. Rapid digital adoption in Africa is outpacing the development of robust cybersecurity measures, creating a gap that cybercriminals exploit. This highlights the need for businesses and individuals worldwide to stay vigilant and invest in strong cybersecurity measures, including antimalware tools like Panda Dome, to protect against these evolving threats.

As cyber attackers continue to test and refine their techniques in developing countries, everyone must prioritize cybersecurity to safeguard against increasingly sophisticated threats.