Brazil remains the country most attacked by ransomware

Brazil remains the country most attacked by ransomware in Latin America, reveals Kaspersky
Even with a drop of 26% compared to 2023

The 2024 Kaspersky Threat Panorama reveals that the company blocked more than 487,000 ransomware attacks from June 2023 to July 2024 in Brazil – this number represents 1,334 attacks per day. Despite the 26% drop compared to the previous year, the country remains the most attacked in Latin America. The most common ransomware family among Brazilian victims is “Trojan-Ransom.Win32.Blocker”, which blocks and prevents the person from accessing the computer.

The country has more than 487 thousand ransomware detections in a period of one year, making it the most attacked country

The most common ransomware family found in Brazil was “Trojan-Ransom.Win32.Blocker”, a type of trojan that modifies the victim’s computer so that they can no longer use the data or prevents the machine from running correctly. Once the data is blocked or encrypted, the user receives a ransom demand, which asks the victim to send money to get it back.

In Latin America, ransomware attack attempts increased by 2.8% compared to the previous year and reached more than 1.1 million – 3,247 attempted attacks per day. After Brazil, the countries with the most attacks were Mexico (285 thousand), Ecuador (142 thousand) and Colombia (49 thousand).

Despite the drop, it still remains the most attacked

“Brazil, despite having shown a drop in the number of ransomware attacks, still finds itself in a worrying position, being the most attacked in the cybersecurity scenario. This dangerous malware prevents access to important data and demands ransoms, which can cause financial and reputational damage to companies. We cannot see this reduction as a sign of relief, but rather as a warning to intensify prevention against the increasingly sophisticated tactics of cyber criminals”, comments Fabio Assolini, director of Kaspersky’s Global Research and Analysis Team for Latin America .

LockBit outage impacts ramsoware in the region

Another highlight in the panorama was the interruption of the LockBit group in Latin America, which had its operations impacted by international security agencies – the UK National Crime Agency, the US Federal Bureau of Investigation (FBI), Europol and others. The group was famous for stealing money from companies by stealing confidential data and threatening to leak it if victims didn’t pay ransoms.

On some sites previously dominated by the gang, you can already see the message: “This site is now under the control of the UK National Crime Agency, working closely with the FBI and the International Law Enforcement Task Force, ‘Operation Cronos’:

“Latin America is still experiencing an increase in the detection of attacks and, although international security forces are doing their job, criminals are very inventive and always manage to reach their victims, either by creating new groups or by creating new threats”, adds Assolini.

To avoid this type of ransomware infection, Kaspersky recommends:

• Keep all programs updated, both on devices and servers, to prevent attackers from being able to exploit vulnerabilities and infiltrate the corporate network.
• Focus your defense strategy on detecting lateral movement and blocking fraudulent transfer activities of sensitive data to the Internet (leakage).
• Set up offline backups that attackers won’t be able to tamper with. Ensure the company can access them quickly when needed or in an emergency.
• Enable ransomware protection on all endpoints.
• Install anti-APTs and EDR solutions, such as those from Kasperskyenabling advanced threat discovery and detection, investigation and rapid incident neutralization capabilities.

For more cybersecurity information, visit blog da Kaspersky.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With more than a billion devices protected against emerging cyberthreats and targeted attacks, its deep understanding of the threat intelligence landscape and security expertise are constantly evolving into Innovative solutions and services to protect businesses, critical infrastructure, governments and people around the world. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber ​​Immunity solutions to combat sophisticated and evolving digital threats. We help more than 200,000 business customers protect what matters most to them. More information on the website.