In the latest report presented by Fortinet’s FortiGuard Labs, the Latin America and Caribbean region suffered 137 billion attempted cyberattacks from January to June of this year, an increase of 50% compared to the same period last year ( with 91 billion). For its part, Peru suffered 5.2 billion intrusion attempts, an increase of 10% compared to the same period in 2021 (with 4.7 billion). Mexico is the most attacked country in the region (with 85 billion), followed by Brazil (with 31.5 billion) and Colombia (with 6.3 billion).
In addition to the extremely high numbers, the data reveals an increase in the use of more sophisticated and targeted strategies, such as ransomware. During the first six months of 2022, approximately 384 thousand ransomware distribution attempts were detected worldwide. Of these, 52 thousand were destined for Latin America.
Mexico was the country with the highest ransomware distribution activity in the period, with more than 18 thousand detections, followed by Colombia (17 thousand) and Costa Rica (14 thousand). Peru, Argentina and Brazil appear below.
Furthermore, according to FortiGuard Labs, the number of ransomware signatures has nearly doubled in six months. In the first half of 2022, 10,666 ransomware signatures were found in Latin America, while only 5,400 were detected in the last half of 2021.
“We are seeing a growth in ransomware variants, with different malicious actors and international cybercriminal groups affecting companies across industries, governments, and even entire economies. In addition to the increased use of Ransomware-as-a-Service (RaaS) – where ransomware creators deliver ransomware to third parties in exchange for a monthly payment or a portion of the profits made – we have seen some ransomware actors offer their victims 24/7 technical support service to speed up the payment of the ransom and the restoration of encrypted systems or data”, explains Arturo Torres, cybersecurity strategist at FortiGuard Labs for Latin America and the Caribbean.
According to Fortinet, the ransomware market has become very professional in 2021, with a well-established business model. Threat actors employ independent services to negotiate data ransoms, help victims make payments, and arbitrate disputes between cybercriminal groups. The WannaCry variant, for example, has a language translator and even chat support.
The most active ransomware campaigns in the region during the first half of 2022 were Revil, detected mainly in Mexican territory, followed by LockBit and Hive. Conti ransomware, for its part, has been one of the most popular in the media due to the high impact it has recently had in Costa Rica.
