70% of Ransomware Concentrated in Latin America

By William Peña – Journalist, contributor at ITBS

The power of cybercriminals is striking the Latin American region, with particular emphasis on four countries: Brazil, Mexico, Colombia, and Argentina essentially account for more than 70% of ransomware attacks.

The manufacturing, technology, and government sectors are the most affected by a modality that continues to grow. Joining them is the telecommunications sector, another of the hardest hit in the region.

The report titled “Ransomware in Latam; First Semester 2025”, prepared by SCILabs, a threat intelligence unit of Scitum (a cybersecurity company that is part of Claro Empresas and the América Móvil Group), highlights that in the first half of the year, ransomware-related attacks increased by 8.73% compared to the same period in 2024.

By country, Brazil accounted for 33.85% of attacks, followed by Mexico with 15.9%, then Colombia with 11.28%, and Argentina with 10.77%. At the tail end of the most affected is Chile with 6.15%.

By percentage, among the most affected sectors in the region is manufacturing with 14.87%, as a consequence of its high operational connectivity and automation.

Next is Technology with 11.28% of the total, an area that shows the exposure of assets and sensitive data. The Government sector reached 10.77% due to the strategic value represented by public information.

The most active ransomware variants during the period analyzed by SCILabs were Akira, which achieved the highest number of successful attacks; LockBit 4.0, which repositioned itself after the police operation “Cronos” and recently launched version 5.0 in alliance with other cybercrime groups; and in third place, SafePay, a new variant with rapid operations and advanced encryption.