Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Developing countries are being used by hackers to try out new ransomware strains

An abstract image of digital security.

IT security pros are not the only ones with sandboxes and honeypots to test malware in, as hackers are doing the same - in developing parts of the world.

A report from Performanta says that many hackers would first try out new malware strains in developing countries, before targeting companies in the developed world.

The report claims this process is particularly effective as organizations in the developing world have less awareness of the issue of cybersecurity and as such are an easier target, so organizations in Africa, Latin America, and Asia are hit first, before the attackers pivot towards Europe and North America.

Cheaper malware

The researchers claim to have observed attacks in Senegal, Chile, Colombia, and Argentina, using strains which later ended up on systems in Europe and North America. One of the strains being tested this way is Medusa, a ransomware variant that was first seen in South Africa, Senegal, and Tonga, after which it hit organizations in the US, UK, Canada, Italy, and France.

In 2023, there were roughly a hundred reported cases of Medusa attacks. 

In its writeup, Ars Technica discussed the problem with Nadir Izrael, chief technology officer at cyber security group Armis, who said attackers were observed discussing an exploit for a new vulnerability earlier this year. “They ‘specifically targeted a few [exposed servers] in third world countries to test out how reliable the exploit was,’” he said.

Armis confirmed the strategy a few weeks later, when its honeypots picked up the threat actor going after firms in Southeast Asia, first. 

However, not everyone agrees with this assessment, with Microsoft’s director of threat intelligence strategy, Sherrod DeGrippo, telling the publication that in reality - malware and ransomware variants had gotten cheaper, allowing hackers in the developing world to mount their own, mini attacks. 

Darktrace director of threat research, Hanah-Marie Darley, also believes Medusa lowered its prices, resulting in more attacks in poorer countries. 

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.