Updated: October 2025
In the last 12 months, Latin America registered more than 1.1 million ransomware attemptsan average of 3,000 attacks per day o 2 every minuteaccording to Kaspersky's "Threat Landscape 2025".
Table of Contents
The most affected countries
The report places Brazil in the lead with 549 thousand attempts, followed by Mexico (237 thousand), Chile (43 thousand), Ecuador (37 thousand) y Colombia (35 thousand).
Although the region shows a slight decrease of 7% compared to 2024, experts warn that the threat has not ceased, it has only been transformed.
Phobos: the group behind the attacks
The arrest of the group's operators Phobosresponsible for one of the most active ransomware families, led to the dismantling of more than 100 compromised servers.
Even so, these types of gangs continue to evolve through more sophisticated encryption and extortion tactics.
A problem beyond governments
Private companies, hospitals, universities and technology startups have all been victims of ransomware, causing temporary closures, economic losses in the millions and leakage of sensitive data.
The lack of backup policies and multi-factor authentication remains the main cause of vulnerability.
Tips to prevent ransomware attacks
Upgrade all your systems and servers.
The updates fix vulnerabilities that attackers exploit.Make automatic backups.
Store your critical data in secure clouds or external servers.Install advanced protection against ransomware.
Solutions of type EDR (Endpoint Detection and Response) o Anti-APT detect suspicious behavior before encryption.Train your team.
70% of the attacks are initiated by fraudulent emails or malicious links.Secure your domains and corporate emails.
Uses certificates SSL and secure platforms such as ClickPandathat protect your digital reputation.
Conclusion
Ransomware attacks show no signs of going away. Although Latin America is making progress in cyber defense, the region remains fertile ground for digital hijacking.
The key is in the prevention, monitoring and rapid response. Companies that act today will avoid being part of tomorrow's statistics.
💡 Protect your business with secure hosting, SSL and automated backup.
Get to know the plans of ClickPanda at clickpanda.com/hosting and keep your systems shielded against ransomware.
Frequently asked questions about ransomware (2025)
1) How many ransomware attacks were registered in Latin America this year?
In the last 12 months more than 1.1 million attemptswhich is equivalent to 3,000 attacks per day y 2 per minute.
2) Which countries concentrated the most attempts?
The top 5 were: Brazil (549 thousand), Mexico (237 thousand), Chile (43 thousand), Ecuador (37 thousand) y Colombia (35 thousand).
3) If attacks are down, why is it still a concern?
The fall is related, among other factors, to the operation against the group Phoboswhich allowed intercept more than 100 serversHowever, experts caution that is not a reliefThe report is not only a call to reinforce prevention due to the evolution of tactics.
4) What types of organizations are most at risk?
This is not a problem exclusive to governments: companies of all sizeshealth, technology, public databases and mixed organizations may suffer. economic losses, leaks and reputational damage.
5) What are the minimum measures to prevent ransomware?
Maintain software and servers up to date.
Automatic backups to retrieve data.
Enable ransomware protection on all devices.
Using EDR/Anti-APT solutions for detection and response.
Train the team and apply MFA. (general good practice).
6) Do I have to pay the ransom if my files are encrypted?
It is not recommended: it does not guarantee the return of data and exposes you to new attacks. Prioritize containment, restore backups y notify security/authorities.
7) What do I do if I am already infected?
Isolates equipment, cuts off access, don't shut down servers without a planstarts incident responseRestore verified backups and review indicators of compromise before returning to production.
8) How does ClickPanda help reduce risk?
With secure hosting, SSL, automated backups and technical support for MFA, hardening and monitoring. This reduces attack surface and recovery time.
