From Latin America to the world: ransomware TTPs, prolonged intrusions, and regional adaptation

No ratings

Presented at VB2025 Berlin by

Isabel Manjarrez

Latin America has a distinct cyber threat landscape, presenting a fragmented and heterogeneous IT infrastructure with often outdated systems, limited cyber maturity, and budget constraints, making it an ideal playground for cyber attacks. While ransomware is a global concern, in LATAM, threat actors enjoy extended dwell times, silently navigating networks, studying victim environments, and maximizing damage before encryption is deployed. This not only increases the success rate of the attacks but also enables operators to maintain persistence or monetize access by reselling it. The monetization of unauthorized access has become a growing market in Latin America, often just as profitable as ransomware deployment itself. The ransomware ecosystem has expanded significantly with business models like ransomware-as-a-service (RaaS). From Latin America, a region where the primary motivation for cyber attacks is financial, it's possible to see a different perspective on this ecosystem.