Why ransomware is more selective and financially damaging in Latin America | #malware | #ransomware

Ransomware attacks are forecast to become increasingly selective and damaging in post-pandemic Latin America, with criminals primarily selecting companies with proven financial payment capability and/or active cyber insurance policies.

Such refinement of data hijacking attacks is one of the main security trends for 2022 in the region according to Fábio Assolini, senior security analyst at Kaspersky.

“From 2017 onwards, attacks were widespread, with not much cherry-picking from criminals. Today they are more selective, and noisy. And they evolved, adopting different attack techniques, such as APT [advanced persistent threat]. They raised the bar, they’re choosing the victims,” Assolini told BNamericas.

According to the analyst, if on one hand the pandemic forced rapid digitization, with a geographically distributed workforce, it also opened up many areas of vulnerability and sensitive entry points for attacks.

One of these entry points is the remote access protocol used by employees to connect to the company server.

Brazil, Mexico and Peru are, according to Assolini, the three main hotbeds of cybercriminals in Latin America, from where attacks are generated both targeting companies and individuals domestically as well as other countries in the region.

Although with diversified activity, each of these countries, according to the analyst, are more “specialized” in a particular modality of cybercriminal activity, from ransomware to PC malware to DDOs.

In any case, he says cybercriminals in Latin America are more immediate than those in other regions, primarily seeking quick financial gains from their attacks.

The depreciation of local currencies against the dollar should even accelerate the sale on international platforms of stolen data that make sense to external buyers, he said.


Assolini claims it is difficult to estimate how much industries have lost with attacks, especially when it comes to ransomware. The reason is that ransom payments are not made public.

The analyst claims that the “large majority” of companies that have their operations paralyzed or their data hijacked end up paying criminals.

While the payment is understandable, given the urgency to resume critical operations such as payment systems and bank loans, for example, Assolini says payment is not recommended for two reasons.

“Firstly, because in the case of data sequestration, there is no guarantee that even after payment the cybercriminal will not make use of the information, selling it on the deep web, for example.”

“Secondly, because this payment is often not accompanied by corrective measures, such as verification of vulnerabilities by companies.”


Other points of concern for next year, in Kaspersky’s view, are the increased digitization of banking.

One example cited by the analyst is open banking, the combined and shared database of customers’ data to foster competition among different players in the financial ecosystems, lowering prices for end-customers.

According to Assolini, despite the assured reliability of the central bank-managed system, some of the applications programming interfaces (APIs) of companies that will connect to the open banking platform in Brazil cannot be considered totally secure.

Kaspersky also views as critical 2022 trends the consolidation and development of advanced banking trojans and remote access trojans (RATs) for Android; the exploitation of PoS (points of sale) market vulnerabilities; and more scams with crypto coins.

Others are the growth in certain state-sponsored activities, with targeted attacks, primarily from abroad, to obtain information for third parties and countries allied to the attackers, as well as for countries that are rivals to Latin America.

Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

twenty eight + = thirty one