Organisations in Saudi Arabia and the UAE were hit by the most ransomware attacks among Gulf Cooperation Council (GCC) countries between mid-2021 and mid-2022, according to a report published today by cyber-security firm, Group-IB.

The company’s annual round-up of major global cyber threats, the Hi-Tech Crime Trends 2022/2023 report found that ransomware operations remained the main cyber threat to companies and organisations across the world, including the Middle East and North Africa region.

Ransomware is a type of malware that encrypts the files of a victim and demands a ransom payment in exchange for the decryption key. If the ransom is not paid, the attackers frequently threaten to delete or publicly release the encrypted files. Such attacks can have a significant impact on both individuals and organisations, resulting in the loss of critical data as well as financial losses from the ransom payment and any disruption to business operations.

“In terms of industries, the energy, telecoms, IT and manufacturing sectors were frequently targeted,” the report said.

The report revealed that, in the second half of 2021 and first half of 2022, 42 companies in the GCC region were targeted by these operations, with 33 per cent of them based in the UAE and 29 per cent from Saudi. They were followed by Kuwait (21 per cent), Qatar (10 per cent), Oman (5 per cent) and Bahrain (2 per cent).

“Ransomware is likely to remain the major threat for business and governments across the globe in 2023,” said Dmitry Volkov, CEO at Group-IB. “Ransomware gangs have been able to craft a stable market for their criminal enterprises, and the ransom demands issued to companies once they have been attacked are continuing to rise rapidly.”

Group-IB obtained the data by analysing information posted on dedicated leak sites (DLS), which are websites created by ransomware gangs to upload data and files stolen from the victim’s network, if the victim does not pay the ransom.

A spokesperson for the firm was quoted by Al Arabiya as saying: “DLS are being used by ransomware gangs as part of the so-called double extortion technique, where the threat actors not only encrypt the networks but also steal sensitive data and threaten to publish it online”.

Iran is considered a significant cybersecurity threat to companies in the GCC, particularly the telecoms and energy industries in the region. Late last year, Dubai-based US company, CrowdStrike, reported that it was tracking 20 groups in Iran that could target the GCC region for potential cyber-espionage or attacks. In another report at the end of last year, Group-IB said that thousands of computers in the Gulf have been hacked by Russian-speaking scammers.