Latin America Hit Hardest by Ransomware in 2025, Kaspersky Report Reveals
Latin America emerged as the global epicenter of ransomware attacks in 2025, with 8.13% of organizations in the region affected making it the most targeted area worldwide, according to Kaspersky’s State of Ransomware in 2026 report. The surge in attacks is attributed to threat actors adopting sophisticated tactics, including the weaponization of legitimate administrative tools, exploitation of remote-access infrastructure, and the use of post-quantum cryptography to evade detection and strengthen encryption.
Cybercriminal groups have grown more organized, leveraging trusted software to infiltrate systems undetected before deploying ransomware or exfiltrating data for extortion. While the overall number of attacks slightly declined compared to 2024, individual incidents became far more severe, with attackers prioritizing high-value targets to maximize disruption and financial gain.
Regional and sector-specific impacts were stark:
- Latin America led globally in attack density, followed by Asia-Pacific, Africa, the Middle East, the CIS, and the EU.
- Manufacturing suffered the worst losses in early 2025, with damages estimated at $18 billion due to production halts and supply chain disruptions.
- By late 2025, attackers shifted focus to financial institutions and educational organizations, exploiting their sensitive data and urgency to restore services.
Key ransomware groups active in Latin America included ShinyHunters, Qilin, RansomHub, and LockBit, alongside the emergence of Gentleman ransomware, a newer threat actor known for aggressive campaigns. The report highlights that uneven cybersecurity preparedness, outdated infrastructure, and rapid digital transformation without proportional security investments made emerging markets prime targets.
Source: https://www.cybersecurity-insiders.com/ransomware-attacks-makes-latin-america-top-in-the-list/
ExtraHop cybersecurity rating report: https://www.rankiteo.com/company/extrahop-networks
Cyber Security News cybersecurity rating report: https://www.rankiteo.com/company/securitynews
"id": "EXTSEC1779215936",
"linkid": "extrahop-networks, securitynews",
"type": "Ransomware",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': ['Manufacturing', 'Finance', 'Education'],
'location': 'Latin America',
'type': ['Manufacturing',
'Financial institutions',
'Educational organizations']}],
'attack_vector': ['Weaponization of legitimate administrative tools',
'Exploitation of remote-access infrastructure',
'Post-quantum cryptography'],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'sensitivity_of_data': 'Sensitive data (financial, '
'educational)'},
'date_detected': '2025',
'date_publicly_disclosed': '2026',
'description': 'Latin America emerged as the global epicenter of ransomware '
'attacks in 2025, with 8.13% of organizations in the region '
'affected. The surge in attacks is attributed to threat actors '
'adopting sophisticated tactics, including the weaponization '
'of legitimate administrative tools, exploitation of '
'remote-access infrastructure, and the use of post-quantum '
'cryptography to evade detection and strengthen encryption. '
'Cybercriminal groups leveraged trusted software to infiltrate '
'systems undetected before deploying ransomware or '
'exfiltrating data for extortion. While the overall number of '
'attacks slightly declined compared to 2024, individual '
'incidents became far more severe, with attackers prioritizing '
'high-value targets to maximize disruption and financial gain.',
'impact': {'financial_loss': '$18 billion (manufacturing sector alone)',
'operational_impact': ['Production halts',
'Supply chain disruptions']},
'initial_access_broker': {'high_value_targets': True},
'lessons_learned': 'Uneven cybersecurity preparedness, outdated '
'infrastructure, and rapid digital transformation without '
'proportional security investments made emerging markets '
'prime targets.',
'motivation': ['Financial gain', 'Data extortion'],
'post_incident_analysis': {'root_causes': ['Uneven cybersecurity preparedness',
'Outdated infrastructure',
'Rapid digital transformation '
'without proportional security '
'investments']},
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransomware_strain': ['ShinyHunters',
'Qilin',
'RansomHub',
'LockBit',
'Gentleman ransomware']},
'references': [{'source': 'Kaspersky’s State of Ransomware in 2026 report'}],
'threat_actor': ['ShinyHunters',
'Qilin',
'RansomHub',
'LockBit',
'Gentleman ransomware'],
'title': 'Latin America Hit Hardest by Ransomware in 2025',
'type': 'Ransomware'}