The recent Taliban takeover of the government in Afghanistan has brought a lot of chaos upon the nation – and cybercriminals are seeing that such disorder in the country is another chance for them to benefit.
According to the Atlas VPN team data analysis, Afghanistan became the primary target for ransomware attacks worldwide in the last month. Providing security for companies’ staff and customers will be extremely difficult in now Taliban-ruled land.
In the past 30 days, cybercriminals launched 1.77% of all ransomware attacks at Afghanistan. Hackers noticed that businesses in the Taliban governed country right now are very vulnerable.
While businesses are trying to adapt to a new political system, they also have to worry about the uprising of ransomware. The Taliban coup has made it difficult for local small companies to continue operating due to disruptions in the supply chain and transportation.
A successful ransomware attack on the local Afghanistan business could ruin it completely. The company would have a tough time paying the ransom as bank owners fear completing business transactions while thousands of Afghans are standing in crowds to withdraw their money.
Other countries such as Papua New Guinea have suffered from 1.69% of ransomware attacks. Pakistan follows third, being threatened by 1.36% of attacks.
Cybersecurity writer and researcher at Atlas VPN William Sword shares his thoughts on ransomware attacks directed at Afghanistan “Threat actors are launching ransomware attacks at Afghanistan during this challenging period. While organizations have to deal with the shortage of skilled workforce and cut foreign relationships, a cyberattack could mean the end of a company, worsening the economic situation in Afghanistan even more.”
Most used ransomware
Most ransomware works similarly by encrypting the user’s information and asking for a ransom payment to unlock it.
Trojan-Ransom.Win32.Wanna.m malware was used in 14.64% of ransomware attacks in the past month, making it the most popular. This family belongs to the WannaCry type malware, which encrypts user files.
Next up is the Trojan-ransom.win32.Crypmodadv.gen ransomware which hackers applied in 9.79% of attacks. As soon as Trojan is injected, it will encrypt the victim’s computer while placing a ransom note with the requested amount.
Following up is the Trojan-Ransom.WIN32.Phny.a ransomware exploited by 9.32% of cybercriminals.
Lastly, we have Trojan-Ransom.win32.Crypren.gen and Trojan-Ransom.Win32.Wanna.zbu malware, which were used in 5.64% and 5.13% of ransomware attacks, respectively.