Brazil is increasingly in the crosshairs of global cybercriminals. Last year, our country set a record for ransomware attacks, with 68% of companies affected by attacks of this type, an increase of 24% compared to the previous year. In 73% of cases, criminals succeeded in locking data, the highest figure of its kind ever recorded by security experts at Sophos.

32% of ransomware attacks also resulted in data theft, while 55% of affected organizations said they had paid the ransom, making Brazil a global leader in paying criminals. Here, too, Sophos reports a 15% increase compared to the 2021 data, and this is another aspect in which Brazil is above the global average, which is 47%.

The results were presented to the press as part of the State of Ransomware 2023 report, released annually to outline the threat landscape along with data for the previous year. For the cybersecurity company, the numbers are worrying and show cybercriminals returning in force after a brief lull at the beginning of the post-vaccine period of COVID-19.

“The numbers place Brazil at the forefront among victims of incidents,” points out André Carneiro, general director of Sophos in Brazil. He notes that the data brings us closer to the United States, a common target of ransomware around the world, and raises a warning sign for corporations in the country regarding the security of their data. “The results are already high and tend to increase more and more.”

The picture here is dangerously double-edged: the high payment rate shows that dealing with cybercriminals is still seen as a viable option by many executives, even though the use of recovery and mitigation methods also ranks high. 61% of the affected Brazilian organizations said they used backups to recover data, a slight decrease compared to the 2021 figure, which stood at 73%, and in line with the global average.

“Companies are wrongly going to the side of encouraging the advancement of ransomware gangs,” explains the director of Sophos. “With this, the interest of bandits in Brazil and the number of incidents here increase, as the country becomes more advantageous. The ransom payment culture needs to be changed.”

This concern ties directly to other data from the Sophos survey, related to recovery costs. In Brazil, the average bill resulting from a successful ransomware attack is US$1.9 million, or about R$9.3 million. 85% of affected companies reported losing business or revenue as a result of the attacks. Both figures are above global averages.

In Brazil, exploitation of vulnerabilities in systems, infrastructure and services was the main entry point, used in 48% of incidents. Compromised credentials were second at 19%. Phishing emails, brute-force attacks, and malicious downloads by employees are also important attack vectors.

47% of Brazilian companies hit by ransomware attacks were able to recover their operations within a week. 21%, however, took up to a month, while in 30% of cases the effects were felt for up to six months of work. Strengthening defenses and mitigation systems is the main recommendation for avoiding long periods of difficulty.

Attacks hit everyone, but big brands get more attention

While Carneiro points to the education, construction, government, retail and financial sectors as the hardest hit, he stresses that, in the current scenario, any sector can be compromised. “(These segments) have the biggest numbers, only. Not being part of them does not mean (that a company) will not be attacked, as anyone can be a victim of an incident today.”

According to Carneiro, the size of the company does not matter either, with attacks being launched wherever there is an opening. On the other hand, large increases in revenue or a constant presence in the media are more decisive factors in placing organizations in the crosshairs. “The crooks are looking for media brands, which are more likely to pay the ransom because they have more money. Small, high-revenue companies are just as risky as large corporations.”

The executive cited the recent attack suffered by the Fleury laboratory group as an example of this new dynamic. The idea is that pressure from customers and regulatory agencies matters more to cybercriminals today; they know that such pressure, combined with high revenue, increases the chances of having the ransom demands met. Carneiro also draws attention to the fact that there are almost no more cases in which payment did not result in the recovery of information, showing that the criminals are also interested in honoring what has been agreed.

Sophos specialists do not foresee a drop in the number of attacks against Brazilian companies; on the contrary. The greater presence of vulnerabilities, the drop in backups and the high rate of ransom payments, together with the international prominence of Brazil and of the large companies here, put our country more than ever in the crosshairs of international cybercriminals.

“It is very difficult to guarantee that a company is not going to be attacked, which ends up causing a feeling of panic,” concludes Carneiro. In his view, there is a need to create awareness about the protection and monitoring of systems, so that an inevitable attack has the least possible impact on operations.
