The ransomware that could be behind the attacks on the Army and Latin American companies

October 05, 2023 - By Editor - Forbes Staff

Rhysida is the new ransomware group putting organizations and governments on alert on a global scale.

A new ransomware group is becoming known for its ability to infiltrate government and military organizations in Latin America. Rhysida, as it has been dubbed, uses multiple threads to compromise files and directories, employing a combination of RSA and AES algorithms for data encryption. Once it has run on a system, the affected files carry the .rhysida extension.

Subsequently, a file named CriticalBreachDetected.pdf opens on the system, alerting the victim to the attack.
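The two indicators named above (the .rhysida extension and the CriticalBreachDetected.pdf note) can be turned into a simple triage check over file-system telemetry. The following is an added example, not part of the original article; the pipe-delimited event format, host names, burst threshold and function name are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Indicators named in the article.
ENCRYPTED_EXT = ".rhysida"
NOTE_NAME = "criticalbreachdetected.pdf"

# Constructed sample events: "ISO timestamp|host|action|path" (assumed format).
SAMPLE_EVENTS = r"""
2023-10-05T09:00:01|ws-014|rename|C:\Users\ana\Docs\budget.xlsx.rhysida
2023-10-05T09:00:02|ws-014|rename|C:\Users\ana\Docs\plan.docx.rhysida
2023-10-05T09:00:04|ws-014|rename|C:\Users\ana\Pictures\site.png.rhysida
2023-10-05T09:00:09|ws-014|create|C:\Users\ana\Docs\CriticalBreachDetected.pdf
2023-10-05T09:05:00|ws-022|create|D:\samples\test.bin.rhysida
2023-10-05T09:10:00|srv-03|rename|E:\share\a.db.rhysida
2023-10-05T09:30:00|srv-03|rename|E:\share\b.db.rhysida
2023-10-05T10:30:00|srv-03|rename|E:\share\c.db.rhysida
2023-10-05T11:00:00|ws-031|create|C:\Users\Public\CriticalBreachDetected.pdf
"""

def detect(lines, burst=3, window=timedelta(seconds=60)):
    """Return {host: findings}. Events must be in time order per host.

    'encryption_burst': at least `burst` files gained the .rhysida
    extension on one host within `window` (a lone file is ignored).
    'ransom_note': the note file named in the article appeared.
    """
    recent = defaultdict(deque)   # host -> timestamps of recent .rhysida writes
    findings = defaultdict(set)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, host, action, path = line.split("|", 3)
        if action not in ("create", "rename"):
            continue
        when = datetime.fromisoformat(ts)
        name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if name == NOTE_NAME:
            findings[host].add("ransom_note")
        if name.endswith(ENCRYPTED_EXT):
            q = recent[host]
            q.append(when)
            while when - q[0] > window:   # drop events outside the window
                q.popleft()
            if len(q) >= burst:
                findings[host].add("encryption_burst")
    return dict(findings)
```

A host showing both findings is the strongest candidate for immediate isolation; a host with only one warrants a closer look before acting.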

This new ransomware group became known last May 17 when it attacked Chilean institutions. Since then, attacks have been reported in other countries, the most affected being Brazil, with more than 30 detections. The other countries affected are China, Israel and the United States.

Although the initial access vector used by Rhysida has not yet been identified, it is "quite likely" to be through brute-force attacks on VPNs or remote access protocols (RDP), with the aim of obtaining employee and civil servant credentials. Brute-force attacks attempt to crack a password or username, applying trial and error until the right combination is found.

How does it work and how dangerous is it?

"In recent years we have seen ransomware become a big problem that anyone could face and it continues to proliferate in Latin America and the rest of the world. Although the blackmailers have increasingly focused on public organizations and businesses, no one is safe."

Fabio Assolini,
Director of the Research and Analysis Team for Latin America at Kaspersky.

This malware searches a victim's hard drive for valuable information (such as documents, graphics, images and databases) and encrypts everything it finds, locking the files. Upon infection, the ransomware displays a message asking for payment in exchange for restoring the data.

The groups that develop the ransomware sell it to cybercriminals who carry out the attacks. The profit is shared between the developer (20% on average) and the attacker (80% on average), Assolini points out.
