Africa-Press – Kenya. Kenya might have lost more than the Sh30 billion reported last year to cybercrime, new markets survey has revealed.
This is after a new market survey revealed that the country may be under reporting cases of attacks by the online criminals.
Cyber Security firm ESET says that, ransomware activity worldwide grew sharply in the second half of 2025, with researchers projecting a 40 per cent year-on-year increase in publicly reported victims compared with 2024.
The experts say that in Kenya, the data tells a different story, not because attacks are fewer, but because many go unreported.
“Ransomware incidents in Kenya are often handled quietly. This results in fewer public disclosures and makes it difficult to quantify the full extent of ransomware activity in the country,” said ESET Lead Cyber Security Engineer Allan Juma.
The experts are now urging firms to confront the growing ransomware risk that remains largely hidden from public view, even as global attacks accelerate.
Cybersecurity analysts say this culture of silence—often driven by fears of reputational damage, operational disruption, or regulatory scrutiny obscures the true scale of the threat and hampers national visibility into emerging attack patterns.
As a result, organisations across critical sectors may be underestimating or misunderstanding their exposure.
ESET H2 2025 Threat Report shows that the cybersecurity landscape is shaped by rapid advancements in artificial intelligence, ranging from deepfake scams to malware capable of generating code autonomously.
While ransomware visibility remains low, other forms of cybercrime are far more observable in Kenya. ESET reports that the country continues to face high exposure to socially engineered scams, particularly those leveraging deepfake videos and AI-generated content.
Hyper Text Markup Language (HTML)-based fraud schemes, including the globally expanding Nomani investment scam, surged by 62 per cent year-on-year.
Many of these campaigns now combine AI-generated phishing pages, deepfake video impersonations and fleeting online advertisements to evade detection and exploit social media virality.
A recent Kenyan case, where scammers used a deepfake video of a prominent political figure to promote a fraudulent investment scheme, illustrates the speed and impact of these attacks.
“This incident shows how realistic deepfakes can dramatically accelerate the reach and effectiveness of scams,” said Juma.
Beyond ransomware and scams, mobile threats using near-field communication (NFC) technology have escalated significantly.
ESET recorded an 87 per cent increase in NFC-related malicious activity globally, with new malware strains such as RatOn emerging with combined NFC relay and remote access trojan (RAT) capabilities.
One of the standout global findings was the discovery of PromptLock, the first known AI-driven ransomware capable of generating malicious scripts in real time.
While such AI-powered ransomware remains rare, ESET warns that AI is already being widely deployed to enhance phishing, fraud and impersonation schemes—techniques that have become entrenched in Kenya’s threat environment.
At the same time, ransomware-as-a-service operators such as Akira and Qilin continue to dominate the criminal ecosystem, while newer entrants like Warlock are deploying sophisticated evasion techniques designed to bypass the endpoint security tools many organisations rely on.
