Ransomware, a criminal method of hijacking information from a company, government or user to collect ransom, has alarmed the Americas ahead of a wave of attacks testing relatively immature cybersecurity systems.

After the 2021 crisis due to cyber-attacks in the US that affected more than a thousand companies and prompted the government to hold an international summit to take action, ransomware now has systems in Latin America flashing red. has faced a string of high-impact thefts in places like Brazil, Peru, and Costa Rica, the second country to be declared a national emergency.

“Ransomware has tripled its profitability during the pandemic, and while its technical core remains the same, its operating model has evolved greatly to become large and sophisticated criminal organizations,” said Kerry-Ann Barrett, director of the Cybersecurity Program. Organization of American States.

Profitable and dangerous business

Ransomware uses a malicious program that blocks users from accessing their systems or files and demands a ransom payment to regain access to them.

While most organizations do not report these extortions, the Ransomwhere platform, which has been tracking ransoms for a year, calculates that payments to cryptocurrency-only criminals have already exceeded $120 million, of which about 17 million were delivered in 2022.

According to Marc Rivero, a researcher at Russian cybersecurity giant Kaspersky, this explains the “great advance of this crime because it can move more money than human trafficking or arms sales.”

US company SonicWall’s Cyber ​​Threat Report 2022 shows a 105% increase in data hijacking last year, surpassing 623 million attacks worldwide (almost twenty attempts per second), with the US in second place (421 million or 67.5%). ‘i) indicates. total).

On the Latin American side, Brazil (33 million attacks and fourth in the world), Colombia (11.3 million, sixth) and Mexico (7 million, tenth) are among the ten most affected by such extortions. Canada also ranks fifth with 24.2 million attacks.

The fact that Brazil is the main Latin American country to be attacked by such a program is attributed to greater availability of internet services, a situation triggered by the restrictions imposed by the pandemic.

In Mexico, meanwhile, there was a growth of nearly 700% in cyberattack attempts against companies and up to 1,000% in government agencies last year, says Jesús García, Mexico manager of Quest Software.

And in the case of Chile, the government’s Computer Security Incident Response Team notes that there were nearly half a million attempts at cyberattacks on organizations last April, looking for vulnerabilities in websites and systems to steal information from the State and its citizens.

However, “It is very difficult to know how many ransomware attacks are in Chile, because the institutions or companies affected do not always disclose that they are in danger. And the cases suffered by people are even less known,” they inform Efe in this organization.

A “War” in a vulnerable area

“We are at war and that’s not an exaggeration,” Costa Rican President Rodrigo Chaves said on May 16, just eight days after he assumed the Presidency, referring to the Russian-born Conti group. thirty government agencies.

The same group assured that in early May it had attacked emails from the Peruvian Ministry of Interior’s General Directorate of Intelligence, monitoring public officials and exposing the virtual activities of different ministries.

According to experts, these experiences show that criminals are heading into a region they consider potentially profitable and with relatively immature cybersecurity defenses.

“As the United States and Europe increase their protection, it’s a little easier for a cybercriminal to look for markets or places where the level of protection is lower,” says Belisario Contreras, who has led the program for more than a decade. Efe is co-chairman of the Global Council for Cybersecurity and the World Economic Forum’s Global Council for the Future of Cybersecurity at OAS.

“Costa Rica got it this time, but it could have been any other institution from any country in Latin America and the Caribbean. The region needs a higher level of cybersecurity maturity,” adds Contreras, now senior director of global security and technology strategy at law firm Venable LLP.

As an example of this vulnerability, days ago the Peruvian Banks Association warned the government of a “vulnerability” in government agencies that puts citizens’ personal data on social networks at risk.

Meanwhile, Quest Software says the government is increasing its use of open source (software whose source code is available to everyone) in Mexico, which represents another source of vulnerability.

goals and objectives

According to Barrett, “all organizations are at risk given the degree of complexity of ransomware as a service, which are groups of 30 to 60 people with human resources, marketing, negotiation and developer departments, targets and planned attacks.”

According to the OAS Cybersecurity Program director, while the Conti group assures that it was working “only” for money in its recent attacks in Peru, the media also had an interest in “spreading confidential information or disrupting or paralyzing services.” in bulk.

In the Americas, experts SonicWall and Kaspersky have found that recent high-profile attacks have targeted strategic energy or consumer companies, governments, educational institutions and hospitals.

Accordingly, the United States has been the target of many cyber blackmails last year against key infrastructures and companies such as Colonial, the largest oil pipeline network in the country, and JBS, the world’s leading meat processor.

Another high-profile attack in the region compromised the notification system of the Brazilian Ministry of Health’s Immunization Program at the end of 2021, at the height of a new wave of pandemics, and the message was taken over by the Lapsus group. : “contact us if you want to recover data”.

The dam also affected a dozen public institutions in Colombia over the past year, the most serious of which was the National Statistics Department and took the website down for almost ten days, although most of the Breached information was restored. with the “backup” of existence.

Also, in Ecuador, which according to Kaspersky is one of the main targets of cybercriminals in Latin America, along with Brazil, Mexico, Peru and Colombia, many companies and large institutions, including the National Agency, have been hacked in recent months. National Telecommunications Authority for Transit, Banco Pichincha -the largest in the country- and the Municipality of Quito.

Backups and information segmentation

In the aftermath of the state of emergency in Costa Rica and a year after the Colonial Pipeline incident, considered the largest successful cyberattack on oil infrastructure in US history, experts insist that preventive measures must be taken.

In this context, segmenting computer systems is considered the key to isolating different components in the event of a cyberattack.

«Another very important factor is the backups, the «backups» that make it possible to immediately return online. One solution for this is in the cloud, which allows for decentralized backups”, underlines Belisario Contreras.

Kerry-Ann Barrett of OAS suggests that since 81% of successful attacks use email as the vector, dual authentication models should be implemented for personal and corporate accounts.