ESET, a leading company in proactive threat detection, assures that 2024 was a record year for ransomware, both in terms of scope and the profits obtained by attackers from their attacks. To understand how this threat played a determining role in the future of information security for companies and organizations, the company details which were the most paradigmatic attacks of the year, and what impact they had in Latin America.
“Ransomware continues to be one of the biggest threats to cybersecurity worldwide. A Rapid 7 report states that more than 2,500 ransomware attacks were recorded in the first half of 2024 alone. That translates to nearly 15 publicly claimed attacks per day. In addition, our ESET Security Report this year revealed that in Latin America 14% of organizations said they were willing to pay a ransom”, said Camilo Gutiérrez Amaya, head of the ESET Latin America Research Lab.
2024 is shaping up to set the record with respect to revenue paid out for ransomware attacks. According to Chainalysis, ransomware ransoms paid as of july totaled close to $460 million. In addition, the highest figure paid for a ransomware ransomware totaling $75 million was recorded.
“It is indeed paradoxical that despite the dismantling of dominant groups such as Lockbit, ransomware continued to reinvent itself in the hands of smaller, more flexible groups. In fact, one of the main characteristics of these emerging actors is that they work through several ransomware groups, thus consolidating the so-called democratization of ransomware”, said ESET Latin America’s Gutiérrez Amaya.
Ransomware groups continue to explore new techniques and tactics, for example the incorporation of tools that seek to override security technologies such as EDRs. ESET’s research team discovered this new toolkit deployed by the Embargo ransomware, which consists of a loader and an EDR killer, named by ESET as MDeployer and MS4Killer. “The ransomware, like the other threats, became much more sophisticated with the implementation of Artificial Intelligence tools. This resulted in much more personalized attacks, making prevention and response more difficult”, the ESET researcher said.
Ransomware situation in Latin America
In the region, certain groups such as LockBit 3.0, Vice Society, ALPHV (BlackCat) and Medusa stood out for their constant activity. A decisive player was RansomHub, a group that offers ransomware as a service and has affected more than 200 organizations since its appearance at the beginning of this year. For its service it charges 10% of the payments obtained by its affiliates in each attack, and its main victims tend to be high-profile institutions and companies with a high capacity to pay.
Another very active group in the region was LockBit 3.0, whose victims included a Mexican chain that affected 1,800 of its stores throughout the country, damaging its operations for a period of three months.
Ransomware was the protagonist of several attacks in the region. Universities, health centers, companies and government agencies in Argentina, Brazil, Chile, Colombia, Mexico, Peru and many other countries were targeted by ransomware groups. To confirm how ransomware groups continue to evolve, ESET Latin America’s Research team recently produced a report highlighting two other emerging ransomware groups in Latin America: Qiulong and Cactus.
How to protect yourself against ransomware?
To protect against ransomware, according to ESET, it is necessary to apply a cross-cutting approach that integrally covers all aspects of an organization. To do so, it is advisable to:
Implement multi-factor authentication (MFA), which strengthens security and greatly reduces the risk of unauthorized access in the event of password compromise.
Performing regular backups is key to minimizing the impact of ransomware.
Keep up-to-date on the latest security threats and trends.
Train staff on good security practices to prevent risks and threats.