ISSN: 2182-2069 (printed) / ISSN: 2182-2077 (online)
Cryptocurrency-Driven Ransomware Syndicates Operating on the Darknet: A Focused Examination of the Arab World
Cybercriminals are employing sophisticated techniques to illegally obtain money from victims, with ransomware being the most notorious malware used for financial gain. In this paper, we focus on the Arab world, which is a prime target region for ransomware gangs. Due to rapid economic growth and digitalization in this region, cybercriminals are increasingly targeting it. However, there is a lack of research on ransomware crime syndication in the Arab region. We collected data on claimed ransomware victims from 2020 to 2023 from the darknet. Our analysis of ransomware gangs in this area revealed significant findings. Based on three years of data collection and analysis, we identified 20 ransomware gangs primarily operating in the Arab region in 2023. Three major ransomware gangs, LockBit, BlackCat (ALPHV), and CL0P, predominantly target the Arab world, with the United Arab Emirates and Saudi Arabia being major targets, along with the manufacturing industry. In addition to identifying the ransomware gangs, we also identified the tactics, techniques, and procedures (TTPs) they use. There were 17 TTPs used by ransomware gangs. We have also developed a platform to track ransomware gangs and their cryptocurrency transactions. Bitcoin's anonymity and popularity made it the cryptocurrency most preferred by ransomware gangs. This research lays the groundwork for further studies to understand the exact trends and data related to ransomware in the Arab world.