Politics of Ransomware: A Latin-American Approach

Politics of Ransomware: A Latin-American Approach

Nicolas Luna
Carola López
Politics of Ransomware: A Latin-American Approach
Image by TNGO Illustrator Francis Irabor

Earlier this year, United States DHS Secretary, Alejandro Mayorkas, stated that ransomware has risen to be considered a national security threat. These comments rekindled an interest in cybersecurity issues, drawing special attention to the damage cyber-attacks can have on a political level.

Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts notify users that the system has been locked or that files were encrypted.

Traditionally, ransomware targeted companies and consumers only as the attacks are carried out primarily for profit-based motives. Although this still remains true, they are evolving, targeting governments worldwide. Last year alone, 2,400 US-based public-sector entities were affected with payments totaling 350 million dollars.

Nevertheless, ransom attacks do not solely translate into financial costs for governments. Critical infrastructure, loss of public data by encryption, and national health systems are also at risk. If developed countries seem to be struggling with this phenomenon, where are Latin-American countries standing and how can they undertake the threat of ransomware?

The Current State of Things in Latin America

Evolving Threats to Critical Infrastructure. Source: Medium

In Latin America, the most common attacks are associated with data leaks. Just a couple of weeks ago the information of more than 1 million military servicemen and women of various national defense agencies were leaked. The data purports to contain the full names, civil status, gender, precise address, telephone numbers, email, and rank of the affected individuals.

A similar incident was reported in August 2019 when hackers leaked 700 GB of data including confidential documents, wiretaps, and biometric information from the Argentine Federal Police. In the same year, the Argentine government acknowledged a ransomware attack that restricted 7,700 GB of data. 

In the current scope of things, there are two ongoing issues. The first one is legislation. In Latin American countries, regulations over cybersecurity and cyberattacks seem good in theory, but not in practice.

Within national strategies, there is a tendency to raise awareness about the dangers of online spaces, with calls for international cooperation and an emphasis on the importance of building robust security architectures; yet this awareness rarely translates into public policy. For example, the creation of the Argentinian Information-Security Committee in 2005 was followed by a 9-year gap until the Joint Cyber ​​Defense Command (which primarily responds to containing the availability and integrity of critical infrastructures) was founded. 

When it comes to cybersecurity the “natural pace” of policymaking falls short. Another obstacle is the overlapping nature of cyberspace, which spawns into an attribution-retaliation dilemma: who is responsible for the attacks and how should victims react?

Since hiding traces is relatively easy for perpetrators, attribution in ransomware attacks is highly difficult. When attempting to work out who may be behind an attack, analysts assess two things: indicators of compromise (IoCs) and attackers’ tactics, techniques, and procedures (TTPs). However, attacker infrastructure, like IP addresses and domains, can be easily forged or generated in a manner which will shield their real identity. Ergo, it is not uncommon that an important number of attacks happen anonymously. 

After an attack, the “victim” country needs to assess the capabilities, intentions and characteristics of potential aggressors and only then decide if it is worth announcing the findings of a security breach and its alleged responsibility. 

This scenario causes great danger for states, because deciding to retaliate can be a political bargain if the perpetrator is not confirmed. Specialists still debate about whether the retaliation of cyberattacks has to happen within the cyber realm or in a kinetic way, especially if the perpetrator remains unknown.

The attribution-retaliation dilemma has led to question of whether cyberattacks are a matter of defence or national security; or both. Most Latin American systems make the distinction between two different types of regulations for National Defense and National Security. Hence, this entitlement issue can deepen countries’ vulnerabilities when it comes to ransomware attacks, simply by being unclear about who should act upon them.

Regional Cooperation as a Possible Solution

Politics of Ransomware: A Latin-American Approach
Ransomware cryptoworm WannaCry on-screen alert. Source: Avast

According to recent studies, in the first semester of 2021, Latin America suffered more than 91 million cyberattack attempts. These studies indicate that ransomware is showing a steady increase in frequency. The average weekly ransomware activity in June 2021 was ten times higher than a year ago.

The telecommunications sector was the most targeted, followed by government institutions and the automotive and manufacturing sectors. This data shows that ransomware remains a very present risk for all types of organizations, regardless of industry or size.

The fast changing pace of cybercrime calls for quick action. Regional cooperation and aligned regulations seem like a good alternative to prevent cyberattacks and ensure the cybersecurity of states. In particular for Latin American countries, which may not have the resources or structures individually, a regional system that shares cybersecurity capabilities could reduce ransomware risks and attacks.

Currently, the closest thing to a regional approach is the Inter-American Cybercrime Cooperation Portal steered by the Organization of American States (OAS). However, it is not a political strategy of international cooperation. Instead, it seeks to strengthen hemispheric cooperation in the investigation and prosecution of cybercrimes. Therefore, it deals with the crime once it already happened and does not create policies of prevention. 

Regional organizations such as OAS or Mercosur can be of great use as they already have a history of successful multilateral cooperation. Developing a regional policy in cybersecurity issues can be fundamental to prepare and prevent the political and economical costs of ransomware.

  • How can national governments be encouraged to pursue regional cooperation as a strategy against ransomware? 
  • How long can current cyberattack guidelines remain useful to tackle ransomware when it is such a mutable threat?
  • Can ransomware become a political weapon used between countries? 

Suggested Readings

Subramanian, S; Renneker, P; Powers, D; Mariani, J; Keyal, A; Routh, A. (2020) “Ransoming Government – What state and local governments can do to break free from ransomware attacks” Deloitte Center for Government Insights, March 20, 2020.

Lohrmann, Dan. (2021) “As Ransomware Surge Continues, Where Next for Government?” Government Technology, July 18, 2021.

Forno, Richard. (2020) “How can Ransomware interfere with elections and fuel disinformation” The Conversation, October 29, 2020.

Leave a Reply

Your email address will not be published. Required fields are marked *

Politics of Ransomware: A…

by Carola López time to read: 4 min