Extortion is highlighted as a cyber crime and Brazil is among the hardest hit

Even if your device is completely up to date, your neighbor’s is not. Whether it is a computer, a smartphone or the server of the company you work for, outdated installed bases without proper protections are a reality that has made Brazil the most targeted country for ransomware attacks in Latin America. And beyond the locking of files itself, the country has also become a showcase for a new criminal modality that is as effective or more so: extortion.


This is what the various figures presented by Kaspersky security experts point to; they cite this as one of the main current waves in the world of digital crime. High ransom values, regulations such as the LGPD (General Data Protection Law) and the economic crisis make the image and files of companies highly valuable, sometimes even more than the locking of the systems itself, since, once in the wrong hands, such data cannot be recovered with security tools or backups.

The growth in the number of attacks also accompanies the growth of ransomware as a service (RaaS), which allows even less sophisticated gangs to gain access to highly complex malicious tools. The proceeds are divided between the gangs that carried out the action and the malware developers, but with ransoms of thousands of dollars, on average, this is one of the most attractive slices of the pie.


“Brazilians are very aggressive and often carry out successful operations, with targeted attacks and methods copied from Eastern European criminals,” says Oleg Gorobets, security evangelist at Kaspersky. Scams using well-known brands and names, as well as tools that our fellow countrymen know intimately, are some of the compromise vectors that generate financial gains and, according to the expert, they also work as one of the best advertisements for malware development.

He cites the REvil gang as an example. In activity since 2022, the group was born from another, the deranged GandCrab, to become one of the world’s largest ransomware gangs, responsible for large-scale attacks such as those that victimized food processor JBS and fuel distributor Colonial Pipeline. Even before these came names like the electronics maker Quanta, whose intrusion even led to the leak of technical data on products recently announced by Apple, and other technology companies like Fujifilm and Kaseya.

Brazil is the most affected country in the world by REvil ransomware; proof that national and international criminals are eyeing a market with serious digital security problems (Image: Reproduction/Kaspersky)

It was the attacks on infrastructure companies, however, that brought the group to the news pages and under government scrutiny, causing a sudden halt in activities and a comeback now, three months later. “The ‘upstairs’ guys in a gang like this don’t like the worry of being in the crosshairs of activities. This case draws attention, however, since the bands do not usually return with the same name,” says Gorobets. This, on the other hand, also serves as an indication that advertising is becoming part of the business, especially in a scenario where anyone can contact malware developers to carry out attacks.

The math of an incident

The numbers help explain why ransomware, and later extortion, became so attractive. According to Kaspersky’s numbers, the global average of ransoms requested by criminals in 2021 is US$ 300 thousand, an increase of 3.% compared to 1024, when end users were the main targets. Meanwhile, the cost involved in hiring a tool can be less than $1..

Access to forums, systems or restricted spaces costs about US$ , while the actual use of a ready-made tool may vary from US$ 300 to US$ 900 according to its complexity. The bolder ones can also acquire the source code of malware families for customization, for approximately US$1.660. The math works out, especially when the state of the technology in use is taken into account.

An outdated installed base is the main vector of scams in Brazil, with research showing that more than half of connected devices still run Windows 7, among other outdated or pirated software (Image: Disclosure)

In Latin America, 55% of computers are still running Windows 7, while another 5%, many of them in businesses and industries, are still running Windows XP. Meanwhile, the usage rates for pirated software are 83%, almost double the global average of 20%. In all cases, these are outdated devices running out-of-date editions of applications, and open doors for intrusions.

Alongside these numbers, there is also an estimate that two out of every three devices aren’t running the latest versions: they may be modern, but they’re also outdated. This leads to one ransomware attack attempt being carried out every 11 seconds in Latin America, in a 2021 that should end with more than 2.8 billion attacks of this type registered throughout the territory.

After the realization, the division of the gains is made in a way that of

% The 35% of the profits are remitted to the developers of the ransomware tools, while the rest is left to the attackers. The margin of 80% can be reduced by payments to front men or intermediaries responsible for extorting companies, but even so, the final total is attractive to the point that, according to Gorobets, the ransom coming from locking the data itself is not even of interest to criminals.

Among the consequences, in addition to encrypted data, are image damage, government fines, harassment and threats to high- and mid-level executives, as well as outages that cause damage. Meanwhile, security policy makers still have one more problem on their hands.

“Analyzing the root cause of attacks is essential for building a defense strategy. Without proper threat intelligence, protection is more difficult to work with,” adds Nikita Zaychikov, product marketing manager at Kaspersky. While weak or leaked credentials and unpatched vulnerabilities should continue to be trends among attack vectors, he points out that automated monitoring systems, training, and endpoint protection measures can serve as avenues for increased cybersecurity.

Source: Opensea
