The State of Ransomware Attacks across Latin America

Composed of South America, Mexico, Central America, and some Caribbean islands, Latin America is a large geographic area with a flourishing IT sector. Improved English proficiency, educational support for technology, and proximity to the United States combine to make Latin American countries attractive bases for IT outsourcing and service delivery.

Cybercriminals, who always have a finger on the pulse of IT developments, are in tune with this IT growth in Latin America. These criminals recognize and look to seize new opportunities for ransomware attacks in what they may regard as a region with relatively immature cybersecurity defenses in place.

This article takes a look at some of the biggest recent ransomware attacks targeting companies across Latin America.

Ransomware in Latin America: The Statistics

Before diving into different ransomware attacks in the region, it is worth taking a look at some of the most telling statistics about the current state of ransomware in Latin America:

  • Recent research found that two Latin American countries—Argentina and Chile—featured in the top five countries targeted by the most ransomware attacks.
  • The same research found that communications, manufacturing, and retail were the top three industries targeted by ransomware in Latin America in 2021 to date.
  • According to AdvIntel, one in every three ransomware attacks in the world targets a Latin American country.

These sobering statistics highlight the prevalence of this devastating form of cyber attack in the Latin American region.

Eletrobras and Copel, Brazil: February 2021

In February 2021, technology websites began reporting that two electric power utility companies in Brazil were victims of ransomware attacks.

One of the victims was Eletrobras, which is the biggest power utility company in Latin America. Eletrobras generates 40 percent of Brazil’s entire electric supply. The other victim was Copel.

The attack on Eletrobras targeted network servers belonging to an Eletrobras subsidiary. This attack resulted in the temporary suspension of some software services.

The Copel ransomware attack resulted in a data breach, and the hackers behind the attack demanded payment for returning the stolen data, which included confidential employee information and plaintext passwords.

Eastern European for-profit ransomware group DarkSide claimed responsibility for the Copel attack and threatened to upload over 1,000 gigabytes of data to the dark web. Given these attacks occurred almost simultaneously, it’s likely DarkSide was behind the Eletrobras attack too. Interestingly, the same gang made global media headlines just a few months later when they carried out a ransomware attack on the Colonial Pipeline in the United States.

Telecom Argentina: July 2020

One of Argentina’s largest ISPs became the victim of a ransomware attack in July 2020. The group behind the attack demanded $7.5 million in the privacy-focused cryptocurrency, Monero.

Luckily for Telecom Argentina, the attack didn’t impact critical IT services. It is believed that hackers used stolen login credentials obtained through a successful email phishing attack to gain access to the company’s IT network. While no critical services were impacted, the attack did damage Telecom Argentina’s internal network by infecting 18,000 workstations within its call center.

Foxconn Electronics, Mexico: November 2020

A Mexican facility belonging to Taiwanese multinational electronics manufacturer Foxconn suffered a damaging ransomware attack at the end of November 2020. The DoppelPaymer gang posted a series of files belonging to Foxconn online in the days after the attack.

A note left on the company’s servers demanded a payment of 1804.0955 Bitcoin to return all files, backup copies, and shadow copies obtained by the hackers. 1,200 servers were encrypted and over 20-30 terabytes of backups were apparently deleted.

BancoEstado, Chile: September 2020

The Chilean bank, BancoEstado, had to shut down all of its branches in response to a serious ransomware attack in early September 2020. An employee apparently opened a suspicious Microsoft Office file that then installed a backdoor in the bank’s IT network.

The REvil ransomware-as-a-service gang was behind this attack. Having gained access to the network through the backdoor, the gang blocked access to important files. In fact, the attack came to the attention of the bank when employees working weekend shifts found they couldn’t access work files from their computers. Proper segmentation of the internal bank network ultimately limited the damage caused by this attack.

Banco de Costa Rica, Costa Rica: May 2020

In May 2020, state-owned Banco de Costa Rica suffered a data breach as the result of a successful ransomware attack. The breach was serious enough that a 2-gigabyte CSV file containing credit and debit card numbers made its way to the dark web.

Luckily for the bank and its customers, 70 percent of the stolen card details were from inactive cards and the remaining 30 percent were quickly disabled. The Maze family of ransomware was behind this breach.

Takeaway Lessons on Ransomware Prevention and Mitigation

While every organization rightly wants to avoid ransomware attacks, the successful attacks that make media headlines always contain opportunities to learn how to improve ransomware defenses. Here are some takeaway lessons on ransomware prevention and mitigation from the recent attacks in Latin America.

  • The attacks on Brazilian electric utility companies highlighted a worrying global trend in which hackers are turning their attention to critical infrastructure. Companies operating in such areas need defense in depth due to the society-wide importance of the services they provide.
  • The Telecom Argentina attack underscored the importance of employee awareness around phishing campaigns. E-mail security platforms and phishing simulation solutions are valuable tools in combating this mode of entry into networks.
  • The attack on Foxconn indicated that companies should keep offline backups on tape storage or other media not connected to the network.
  • It is crucial to put controls in place that limit the ability of attackers to move laterally through a network. Taking the lead from BancoEstado, network segmentation can help limit the impact of ransomware attacks.
  • When sensitive data is breached, as in the case of Banco de Costa Rica, companies need to take quick action to verify the breach and notify affected parties.

Closing Thoughts

As IT sector growth continues across Latin America, expect the volume of ransomware attacks to keep increasing too. No industry or country is immune to the impacts of a data breach. Taking ransomware defense seriously puts your organization one step ahead of malicious groups who spend their days trying to infiltrate networks and systems.

To learn more about IRONSCALES’ award-winning anti-phishing solution, please visit us today at www.ironscales.com.