Extortion is highlighted as a cyber crime and Brazil is among the hardest hit

Even if your device is completely up to date, your neighbor’s is not. Whether it is your computer, your smartphone or the server of the company you work for, outdated installed bases of technology without proper protections are a reality that has made Brazil the most targeted country for ransomware attacks in Latin America. And beyond the locking of files itself, the country has also become a showcase for a new criminal tactic that is just as effective, or more so: extortion.

This is what the various figures presented by Kaspersky security experts show, and they cite it as one of the main current waves in the world of cybercrime. High ransom values, regulations such as the LGPD (General Data Protection Law) and the economic crisis make the image and files of companies highly valuable, sometimes even more so than the system outage itself, since, once in the wrong hands, such data cannot be recovered by security tools or backups.

The growth in the number of attacks also keeps pace with the growth of ransomware as a service (RaaS), which gives even less sophisticated gangs access to highly complex malicious tools. The proceeds are split between the gangs that carried out the attack and the malware developers, but with ransoms averaging thousands of dollars, this is one of the most attractive slices of the pie.


“Brazilian [criminals] are very aggressive and often carry out successful operations, with targeted attacks and methods copied from Eastern European criminals,” says Oleg Gorobets, security evangelist at Kaspersky. Scams that use well-known brands and names, as well as tools that Brazilians know intimately, are some of the compromise vectors that generate financial gains and, according to the expert, they also work as one of the best advertisements for malware development.

He cites the REvil gang as an example. Active since 2019, the group grew out of another, the now-defunct GandCrab, to become one of the largest ransomware gangs in the world, responsible for large-scale attacks such as those on food processor JBS and fuel distributor Colonial Pipeline. Even before those came names such as electronics maker Quanta, whose intrusion even led to the leak of technical data on recently announced Apple products, and other technology companies such as Fujifilm and Kaseya.

Brazil is the country most affected in the world by the REvil gang's ransomware, proof that national and international criminals are eyeing a market with serious digital security problems (Image: Reproduction/Kaspersky)

It was the attacks on infrastructure companies, however, that brought the group onto the news pages and under government scrutiny, causing a sudden stoppage in activities and a comeback now, three months later. “The ‘upstairs’ guys in a gang like this don’t like the worry of being in the crosshairs of activities. This case draws attention, however, since the gangs do not usually return with the same name,” says Gorobets. This, on the other hand, also serves as an indication that advertising is becoming part of the business, especially in a scenario where anyone can contact malware developers to carry out attacks.

The math of an incident

The numbers help explain why ransomware became so attractive and, after it, extortion as well. According to Kaspersky’s figures, the global average ransom demanded by criminals in 2021 is US$200,000, an increase of 3,900% compared to 2018, when end users were the main targets. Meanwhile, the cost of contracting a tool can be less than US$1,000.

Access to forums, systems or restricted spaces costs around US$300, while the actual use of a ready-made tool can range from US$500 to US$800, depending on its complexity. The bolder ones can also acquire the source code of malware families for customization, for approximately US$1,900. The math adds up, especially when you take into account the state of the technology in use.

An outdated installed base is the main vector of scams in Brazil, with research showing that more than half of connected devices still run Windows 7, among other outdated or pirated software (Image: Disclosure)

In Latin America, 55% of computers are still running Windows 7, while another 5%, many of them in companies and industries, are still running Windows XP. Meanwhile, the rate of pirated software usage is 66%, nearly double the global average of 35%. In all cases, these are outdated devices running outdated versions of applications, and open doors for intrusions.

Alongside these numbers, there is also an estimate that two out of three devices are not running the latest versions: they may even be modern, but they are still out of date. This leads to an attempted ransomware attack every 11 seconds in Latin America, in a 2021 that is expected to end with more than 2.8 billion such scams recorded across the region.

Once an attack has been carried out, the profits are shared so that 10% to 20% goes to the developers of the ransomware tools, while the rest remains with the attackers. The 80% margin can be reduced by payments to money mules (“laranjas”) or intermediaries responsible for extorting companies, but even so, the final total is attractive to the point that, according to Gorobets, the ransom for unlocking the data is itself not even of interest to the criminals.

Among the consequences, in addition to encrypted data, are reputational damage, government fines, harassment and threats against high- and mid-level executives, and outages that cause losses. Meanwhile, those responsible for security policy still have one more problem on their hands.

“Analyzing the root of the attacks is essential to build a defense strategy. Without proper threat intelligence, protection is more difficult to work with,” adds Nikita Zaychikov, product marketing manager at Kaspersky. While weak or leaked credentials and unpatched vulnerabilities should continue to be trends among attack vectors, he points out that automated monitoring systems, training and endpoint protection measures can serve as avenues for increased cybersecurity.
