Ghana received strong recognition at the Third African Forum on Cybercrime and Electronic Evidence when Mr Dunstan Guba, a leading law enforcement cybersecurity expert specialized in Malware Analysis, presented technical perspectives on how Africa can tackle the growing threat of ransomware.
The event brought together investigators, prosecutors, judges, policymakers and cybersecurity professionals from across the continent; the biggest high delegation cybersecurity gathering in the Africa region.
The forum was organised by the Council of Europe through its Cybercrime Programme Office, the European Union and the Government of Kenya. It served as a platform to discuss regional strategies for cybercrime investigations, electronic evidence handling and digital capacity building.
What Ransomware Is and Why Africa Must Pay Attention
Ransomware is a form of malicious software that enters a computer system, blocks access to files and demands payment for restoration. Modern versions steal sensitive data first, threaten to leak it publicly and then demand payment. It has become one of the most disruptive forms of cybercrime because it affects operations, finances, public trust and national stability.
During his intervention, Dunstan Guba explained that ransomware has changed significantly in the last two years. The shift is no longer about locking files and demanding money. Attackers now focus on stealing sensitive information quietly and using it as leverage.
Guba stated that this trend should concern African governments, institutions and private companies because stolen data carries high pressure value. Once taken, it can be used to embarrass, discredit or destabilise an organisation.
The New Model of Ransomware Attacks
Guba highlighted that the most serious evolution in recent months is the move from classic encryption attacks to pure double extortion operations. This new approach follows a pattern.
Attackers infiltrate a network and spend weeks moving around silently. They steal large volumes of sensitive data. They study the institution’s internal structure, crisis weaknesses or political risks. After gathering enough information, they threaten public exposure. At this point, encryption becomes an optional part of the attack.
According to Guba, this shift is significant. Even institutions that restore backups successfully remain exposed. Once data is stolen, the threat does not disappear. Public leaks, media releases or targeted pressure on executives can follow.
Why African Institutions Have Become High Value Targets
Guba also explained that attackers choose African victims for reasons that are very different from past financial motives. The objective is now leverage rather than money.
Common targets include government registries, hospital systems, telecom subscriber databases, school databases and law enforcement platforms. These systems contain information that can influence public trust and social stability.
When sensitive national data is leaked, the impact goes beyond economics. It affects governance, community confidence and public safety. This is why attackers have shifted their focus to institutions that hold information considered essential to national identity or service delivery.
Guba added that ransomware groups now use media pressure as a tactic. They operate countdown websites, send emails to journalists and contact board members directly. These actions are designed to force institutions into negotiation even when they have managed to restore their systems.
Ghana’s Growing Influence in Cybercrime Response
In his remarks, Dunstan Guba highlighted Ghana’s growing leadership in cybercrime investigation and digital forensics. Ghana continues to strengthen its investigative units, build specialised forensic laboratories and improve cooperation between law enforcement, prosecutors and cybersecurity agencies.
He noted that Ghana has invested in advanced skills including memory forensics, malware analysis, blockchain tracing and darknet intelligence. These capabilities support investigations not only within Ghana but also in regional collaboration efforts. Ghana Police Service sets as a leading example.
Guba emphasised the need for early reporting by victims. He urged organisations to avoid wiping systems after an attack and instead preserve logs, memory images and compromised servers so that investigators can reconstruct the incident. This practice greatly increases the chances of identifying foreign operators.
A Call for Stronger Regional Collaboration
The Ghana delegation made it clear that ransomware investigations require rapid action and international cooperation. Attack infrastructure is usually located outside Africa. Evidence often sits with foreign cloud providers. Payments are laundered across several countries. For this reason, no African country can handle the threat alone.
Guba encouraged African governments to adopt stronger laws for electronic evidence, speed up data sharing processes and promote capacity building for investigators, prosecutors and judges.
He concluded with a clear message.
Ransomware is now a strategic threat to public trust and national stability. Africa must strengthen its investigative systems, legal frameworks and international partnerships. Ghana is committed to contributing to this collective effort, and its reflect in how the Ghana Police Service is effectively fighting cybercrime and cyber threats.
About Dunstan Guba
Mr. Dunstan Guba is the Cyber Intelligence Lead of the Ghana Police Service. He is also a lecturer at the Detective Training Academy of the Ghana Police Service, where he oversees instruction in cybercrime investigations and digital forensics.
Dunstan plays a central role in Ghana’s national cybersecurity ecosystem, leading high-impact forensic investigations, cyber intelligence operations, and inter-agency collaborations with global partners such as Meta Platforms, INTERPOL, and the FBI. He also hosts “Cybercrime Alert” on Ghana Police TV, a national program raising public awareness on digital safety and cyber resilience. His expertise is in malware analysis, penetration testing, and mobile forensics.
