According to the State of Ransomware in 2026 report released by Kaspersky, Latin America emerged as the region most heavily affected by ransomware attacks in 2025. The report revealed that more than 8.13% of organizations operating across the region experienced ransomware-related incidents during the year, placing Latin America at the top of the global list for attack density.
Cybersecurity researchers believe the sharp increase in attacks is largely due to the evolving tactics adopted by threat actors. Modern ransomware groups are no longer relying solely on traditional malware deployment methods. Instead, they are increasingly weaponizing legitimate administrative tools, exploiting remote-access infrastructure, and using advanced technologies such as post-quantum cryptography to strengthen their operations. These methods allow attackers to conceal malicious activities more effectively, disable security protections such as firewalls, and expand the scale and speed of attacks with greater efficiency.
The report further highlights that cybercriminal organizations are becoming more organized and technically sophisticated. By abusing trusted software and network management tools, attackers are able to infiltrate systems while avoiding detection for longer periods. Once access is gained, stolen data is often encrypted or exfiltrated for extortion purposes, causing severe operational and financial damage to targeted businesses.
Data published by Kaspersky indicates that Latin America recorded the highest ransomware attack density globally, followed by the Asia-Pacific region, Africa, the Middle East, the Commonwealth of Independent States (CIS), and the European Union. Experts suggest that many organizations in emerging markets remain attractive targets due to uneven cybersecurity preparedness, outdated infrastructure, and increasing digital transformation efforts that may not always be accompanied by strong security investments.
Although the overall percentage of organizations impacted by file-encrypting malware slightly declined compared to 2024, the report notes that individual ransomware incidents became far more severe and sophisticated. Attackers are now focusing on high-value targets and deploying advanced intrusion techniques that maximize disruption and financial gain. This trend indicates that ransomware groups are prioritizing quality over quantity, concentrating on fewer but more damaging attacks.
Sector-specific analysis conducted jointly by Kaspersky and VDC Research revealed that the manufacturing industry suffered particularly heavy losses during the first quarter of 2025. Ransomware attacks reportedly caused damages estimated at nearly $18 billion in the sector alone. Manufacturing companies remain highly vulnerable because operational downtime can halt production lines, disrupt supply chains, and generate immediate financial losses.
The report also observed a strategic shift in attacker focus later in the year. During the fourth quarter of 2025, cybercriminal groups increasingly targeted financial institutions and educational organizations, sectors often considered lucrative due to the sensitive data they store and the urgent need to restore disrupted services quickly.
Among the most active ransomware groups operating in Latin America during 2025 were ShinyHunters, Qilin, RansomHub, and LockBit. Researchers also identified the emergence of a newer threat actor known as Gentleman ransomware, which has rapidly gained attention for targeting businesses across the region with increasingly aggressive attack campaigns.
Click Here For The Original Source.
