Cryptojacking and Ransomware Cases Grow in Mexico

Published at: July 22, 2020

Mexican users of public cloud networks report a surge in cryptojacking and ransomware attacks in recent months.

According to El Economista, almost three quarters of Mexican companies that use cloud networks, including Amazon, Google and Microsoft, report security incidents, resulting in negative perceptions among citizens. Less than a third of the locals fully trust cloud network security.

Ransomware attacks 

Security weaknesses allow threat actors to deploy other crypto-related attacks like ransomware, including a recent case where an oil company, Pemex, was targeted by the DoppelPaymer gang.

The report says that Mexican companies have been reporting instances where unknown cybercriminals are using their cloud computing resources to mine cryptocurrencies — known as ‘cryptojacking’. However, no major details were provided about which cryptos are mined.

Alain Karioty, general sales manager for Latin America of cybersecurity firm Netskope, told El Economista that such attacks result from the lack of knowledge among companies regarding security measures for cloud computing.

Leonardo Granda, manager of engineering at Sophos in Latin America, commented on the security flaws within the public network that allow data loss:

“This data loss is often due to poorly configured public access in shared cloud storage and by leaving data sources open for cyber attackers to search for them using tools such as the specialized search engine Shodan; they can exfiltrate them.”

Cybercriminals target Latin American countries 

Another study unveiled on May 28 by the National Police of Colombia shows that ransomware attacks are a rising trend across the country.

The report notes that 30% of all ransomware attacks within Latin America have specifically targeted Colombia, where threat actors have been targeting public entities.
