Organizations in Saudi Arabia and the United Arab Emirates (UAE) fell victim to the highest number of ransomware attacks out of all GCC countries between mid-2021 and mid-2022, according to a report from cybersecurity company Group-IB.
A ransomware attack happens when an individual or group uses software to access a company or organizations files to either extort the business or steal its data.
“In terms of industries, the energy, telecoms, IT and manufacturing sectors were frequently targeted,” the report said.
In the second half of 2021 and first half of 2022, 42 companies in the GCC region fell prey to these attacks – 33 percent of the companies were UAE-based and 29 percent were from Saudi Arabia - Group-IB said in Tuesday’s report.
A total 21 percent of the companies who were victim to these ransomware attacks in the report were Kuwaiti, 10 percent from Qatar, while Omani and Bahraini organizations made up less than 10 percent of the organizations targeted.
Group-IB took the data from information posted on dedicated leak sites (DLS) - websites created by a particular ransomware gang, on which they upload data and files stolen from the victim’s network should the victim refuse or fail to pay the demanded ransom.
“DLS are being used by ransomware gangs as part of the so-called double extortion technique, where the threat actors not only encrypt the networks but also steal sensitive data and threaten to publish it online,” a spokesperson at Group-IB told Al Arabiya English.
Across the globe, 2,886 companies had their information, files, and data published on such sites in the last half of 2021 and first half of 2022, a 22 percent increase compared to the 2,371 companies affected during the same period a year beforehand.
“Ransomware is likely to remain the major threat for business and governments across the globe in 2023,” says Dmitry Volkov, CEO at Group-IB.
“Ransomware gangs have been able to craft a stable market for their criminal enterprises, and the ransom demands issued to companies once they have been attacked are continuing to rise rapidly.”
Iran poses a very real cybersecurity threat to Saudi Arabia and other Gulf countries and could target key industries such as telecoms, oil, and gas, experts told Al Arabiya English last year.
Dubai-based US company CrowdStrike at the time said it was currently tracking 20 groups in Iran who could target the region for potential cyberespionage or attacks.
“The Gulf is not the only target, but it’s one of the primary ones,” Roland Daccache systems engineering manager at the company told Al Arabiya English in November.
Thousands of computers in Saudi Arabia and across the Gulf have been hacked by Russian-speaking scammers in the first seven months of the year, cybersecurity company Group-IB said in another report at the end of last year.
Group-IB identified the groups using malware to obtain passwords for accounts including Amazon and PayPal, as well as to gain access to their payment records and crypto wallets.
In the first seven months of the year, these scammers infected around 6,300 electronic devices, stole more than 700,000 passwords, and collected credit card details from just under 1,400 people, from Saudi Arabia, according to the cybersecurity company.