LATAM
FINAL WORD
The accelerated digitalization of the Brazilian economy is not always accompanied by alignment with the best practices of digital security .
Throughout 2023 , a harsh reality set in . The ever-evolving threat landscape has ransomware continuing to wreak havoc .
Brazil remains in a prominent position in relation to this threat : we are the fourth largest ransomware target in the world , according to a report released in the first half of this year .
Only the US , UK and Spain beat our market in this regard .
The accelerated digitalization of the Brazilian economy is not always accompanied by alignment with the best practices of digital security , which increases the vulnerability of companies to these types of attacks .
For years , the practice of encrypting data and holding it hostage until a payment was made was the hallmark of ransomware attacks . The victim ’ s dilemma was quite simple : pay the ransom or risk losing access to critical data .
To maintain their effectiveness , ransomware gangs have started to innovate with different tactics .
This is the case of double extortion , in which not only is data encrypted , but also stolen information is threatened to be publicly exposed or sold on the Dark Web .
The first case of this modality happened in 2019 .
Shortly after , in 2020 , triple extortion began to make the news , which takes double extortion a step further , taking advantage of confidential information about customers , relatives or other entities related to the victim .
This is an advanced level of blackmail that starts from the attack on the organization to , at another time , trigger actions pulverized by all the people who had their data exposed .
In recent months , cybercriminals have introduced yet another technique to their arsenal : unencrypted attacks .
In the face of the overwhelming wave of ransomware affecting Brazil , it has become commonplace for companies to keep backups of their data , and decryption tools are being created to neutralize ransomware variants . This advocacy has changed digital gangs . Thus , instead of going through the time-consuming process of data encryption , threat actors are skipping this step altogether .
The focus now is on gaining access to sensitive data and threatening to release it to the public or auction it off .
An unencrypted attack relies more on psychological pressure to coerce victims into paying the ransom . Its speed , simplicity and reduced technical complexity , compared to encryption-based attacks , make this technique worrisome . Here are the results of data-free attacks :
• Faster ransom demands . With unencrypted attacks , cybercriminals can demand a ransom more quickly since they eliminate the encryption step . Victims find themselves under heavy pressure to pay and prevent their data from being exposed .
• Reputational damage . The mere threat of data exposure can have a strong impact on businesses . Stolen confidential information , including customer data , financial records or intellectual property , can lead to
INTELLIGENT TECH CHANNELS LATAM
INTELLIGENT TECH CHANNELS
51