Computer Attacks: In the first eight months of the year, an average of 4,000 ransomware attacks per day were recorded in Latin America, according to data from Kaspersky. This figure represents a decrease of 28% compared to the same period in 2021, and Brazil is on the list of countries that register this downward trend. For the company's experts, criminals are increasingly focusing on targeted and profitable attacks and on the local development of ransomware with the aim of attacking Latin American public and private sector institutions.
Kaspersky's analysis shows that trends differ from country to country. For example, Colombia, Costa Rica and Ecuador saw an increase in attacks in 2022, while Brazil, Chile, the Dominican Republic, Mexico and Panama saw a decline this year. To round out the ranking, Argentina, Guatemala and Peru show attacks in "waves". Despite the varying characteristics, company experts emphasize that the current scenario does not mean that the threat has disappeared or that change cannot happen in the short term.
Another finding of the study suggests that Latin American criminals are creating their own ransomware, and ChileLocker is the highlight of this trend. It was named after the first country to report attacks from it, in August 2022. This family of Latin American ransomware has the ability to steal credentials saved in browsers, map servers and devices on the network in order to encrypt them, and avoid antivirus detection through a function that allows the ransomware to schedule its execution. So far ChileLocker has only been found in Chile and Colombia.
“In this region, the ransomware-as-a-service scheme has flourished and operates as a formal industry, with various levels of 'employees' studying their potential victims and planning attacks 24/7. The advancement and commercialization of this crime has an explanation: this online crime drives more money than other illegal activities, such as selling or smuggling weapons", assesses Mark Rivero, Senior Security Analyst at Kaspersky.
The Kaspersky study details the commercialization of ransomware groups, which are now organized into four profiles. Ransomware operators are local groups responsible for carrying out attacks on victims. Middlemen (Initial Access Brokers) are also common sense criminals, but they have the ability to compromise the security of organizations and sell this illegal access to operators.
Associates are individuals with high levels of technical knowledge in penetrating corporate networks who can execute a full ransomware attack (without relying on the previous profiles). Ransomware creators have very high technical knowledge but prefer to share their knowledge (as a service) in exchange for a percentage of the profits from successful attacks.
Most common ransomware families in Latin America
According to Kaspersky's analysis, the "owners" of the malware are left with 20 or 30% of the earnings, while the largest share is divided among those who are most exposed, with middlemen earning the most (about 50%), as they account for most of the work (the intrusion).
The five most common families of ransomware in Latin America are: Trojan-Ransom-Win32-Stop; Trojan-Ransom-Win32-Blocker; Trojan-Ransom-MSIL-Blocker; and VHO-Trojan-Ransom-Win32-Convagent. All of them are able to encrypt their victims' data.
Another trend worth noting, which is part of the forecast for next year, is the use of destructive ransomware whose sole purpose is to damage institutional resources, as happened with the Hermetic Ransom as early as 2022. Types of measures organizations take to double their cyber security", recommends the Kaspersky analyst.