Ransomware Trends Report in Arab Countries 2025

Authors

Abdulrazaq Almorjan, Kyounggon Kim, Seokhee Lee, Mostafa Moallim, Ibrahim Alzahrani

Keywords:

Ransomware, Cybercrime, Artificial Intelligence, Cyber Threat Intelligence, Dark Web, MITRE ATT&CK, Cybersecurity, Arab Countries

Synopsis

This report provides an in-depth assessment of the ransomware threat landscape affecting Arab countries in 2025, based on systematic monitoring of darknet leak sites, open-source intelligence, and analyst validation through the NAUSS Cyber Threat Intelligence platform. A total of 147 victim organizations across 14 Arab countries were identified, with activity concentrated in the United Arab Emirates, Saudi Arabia, and Egypt. The report highlights a shift in dominant threat actors, with CL0P, Qilin, and Kill Security emerging as the most active groups, and documents increased targeting of Commercial Facilities, Critical Manufacturing, and Financial Services. It further examines the growing role of artificial intelligence as an enabler of ransomware operations, particularly in phishing and reconnaissance, and maps observed behaviors to the MITRE ATT&CK framework. The findings aim to support policymakers and cybersecurity practitioners in strengthening regional preparedness and resilience.

Published

14-March-2026

Details about this monograph

ISBN-13 (15)

978-603-93836-4-2

Date of first publication (11)

2026-03-14

doi

10.26735/978-603-93836-5-9

Physical Dimensions

17cm x 23cm x 0.5cm