Developing countries are being used by hackers to try out new ransomware strains

Malware first makes it to Latin America, before moving to North America

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

IT security pros are not the only ones with sandboxes and honeypots to testmalwarein, as hackers are doing the same - in developing parts of the world.

A report from Performanta says that many hackers would first try out new malware strains in developing countries, before targeting companies in the developed world.

The report claims this process is particularly effective as organizations in the developing world have less awareness of the issue of cybersecurity and as such are an easier target, so organizations in Africa, Latin America, and Asia are hit first, before the attackers pivot towards Europe and North America.

Cheaper malware

The researchers claim to have observed attacks in Senegal, Chile, Colombia, and Argentina, using strains which later ended up on systems in Europe and North America. One of the strains being tested this way is Medusa, aransomwarevariant that was first seen in South Africa, Senegal, and Tonga, after which it hit organizations in the US, UK, Canada, Italy, and France.

In 2023, there were roughly a hundred reported cases of Medusa attacks.

In its writeup,Ars Technicadiscussed the problem with Nadir Izrael, chief technology officer at cyber security group Armis, who said attackers were observed discussing an exploit for a new vulnerability earlier this year. “They ‘specifically targeted a few [exposed servers] in third world countries to test out how reliable the exploit was,’” he said.

Armis confirmed the strategy a few weeks later, when its honeypots picked up the threat actor going after firms in Southeast Asia, first.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

However, not everyone agrees with this assessment, withMicrosoft’s director of threat intelligence strategy, Sherrod DeGrippo, telling the publication that in reality - malware and ransomware variants had gotten cheaper, allowing hackers in the developing world to mount their own, mini attacks.

Darktrace director of threat research, Hanah-Marie Darley, also believes Medusa lowered its prices, resulting in more attacks in poorer countries.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption