The Brazilian cybersecurity firm Apura mapped online double extortion schemes across Latin America between January 2020 and July of last year, identifying at least 17 Brazilian groups operating on the continent that steal data and demand ransom.
The report focused on attacks by ransomware groups, which use a type of malware designed to steal data. After gaining access to the information, the attackers demanded a ransom by threatening to leak the data on a Dark Web site.
Sandro Süffert, founder and president of Apura, said: "These attacks are primarily aimed at profit; they rarely have political or espionage motivations."
According to the report, attacks that victimized 137 organizations in Latin America were identified during the period studied, 71 of which were in Brazil, representing 51% of all attacks identified in Latin America.
With 21 reported cases, Mexico comes in second place, and similar cases have been identified in 11 of the 20 countries in the region. "Brazil and Mexico are the two largest countries in the bloc; both being in the lead was somewhat predictable. Even so, there are cases in poorer countries, such as Honduras and El Salvador," stated Sandro Süffert.
The largest number of active ransomware groups was also found in Brazil, with 17 identified, followed by Mexico, Argentina, and Peru with 10, 7, and 6 respectively. Furthermore, a group called "Prometheus" was the most active during the period and was identified in Brazil and other regions.
“The 'Prometheus' ransomware, a variation of the 'Thanos' ransomware, began publicizing its attacks in February 2021, and the last identified publication targeting a company was on July 13, 2021. Through code analysis of the threats, it is suspected that the criminals changed the operation's name to 'Spook',” said Sandro Süffert.
Companies in the healthcare sector were the most affected.
Companies focused on health were the most affected, according to the report, demonstrating a complete "lack of scruples" on the part of the invading groups.
“Even during a pandemic [of Covid-19], when health services were most needed, companies in the sector were attacked and extorted like any other. Currently, there are approximately 1025 identified ransomware samples. Only a small fraction of these samples are used by groups that carry out double extortion attacks. This means that the actual number of victims is much higher,” Sandro concluded.
According to the Apura report:
137 companies in Latin America were victims of double extortion cyberattacks.
23 groups carried out the attacks.
17 of them are working in Brazil.
71 companies were victims in Brazil.
11 out of 20 Latin American countries had verified cyberattacks.
21 victims were claimed by the group “Prometheus” and 17 by “Pysa”.
20 healthcare companies across the region were victims.
16 industries, 13 food and beverage companies, 12 finance companies, 12 public sector organizations, and 10 retail companies are among the segments with the highest occurrence.
The groups identified in Brazil were: Avaddon, Conti, DarkSide, Egregor, Everest, LockBit, MAZE, Mount Locker, Nefilim, NetWalker, Prometheus, Pysa, Ragnar_Locker, Ragnarok, RansomEXX, Sekhmet and Sodinokibi (REvil).



















