"Latin America Governments Are Prime Targets For Ransomware Due to Lack of Resources, Analysis Argues"
Security researchers at Recorded Future's Inskit Group discovered that some Latin American countries may present as easy targets for ransomware attackers due to a general deficit of cyber resources, specifically education, hygiene, and overall infrastructure. The researchers stated that the situation in many of these countries is such that ransomware attacks on local, provincial, or federal government entities "could constitute a credible national and geopolitical security risk." The researchers stated that many of the successful breaches analyzed were due to the combination of compromised valid credential pairs and session cookies, which are harvested from a successful infostealer infection and sold by initial access brokers on the dark web forums. Anecdotal observations by the researchers reflect a "minor" but "sustained increase" in references to initial access sales and database leaks related to Latin American governments starting around March 2022. The researchers stated that they also identified a significant increase in Q1 2022, beginning in February 2022, of references to domains owned by government entities in Latin America on dark web shops and marketplaces such as Russian Market, Genesis Store, and 2easy Shop, relative to the same time period in 2021. Between January and May 2022, successful ransomware attacks were recorded in Costa Rica, Peru, Mexico, Ecuador, Brazil, and Argentina. The researchers noted that ransomware crews such as ALPHV, LockBit 2.0, and BlackByte have been active in the region.