Latin America Hit Hardest by Ransomware in 2025, Kaspersky Report Reveals Latin America emerged as the global epicenter of ransomware attacks in 2025, with 8.13% of organizations in the region affected making it the most targeted area worldwide, according to Kaspersky’s State of Ransomware in 2026 report. The surge in attacks is attributed to threat actors adopting sophisticated tactics, including the weaponization of legitimate administrative tools, exploitation of remote-access infrastructure, and the use of post-quantum cryptography to evade detection and strengthen encryption. Cybercriminal groups have grown more organized, leveraging trusted software to infiltrate systems undetected before deploying ransomware or exfiltrating data for extortion. While the overall number of attacks slightly declined compared to 2024, individual incidents became far more severe, with attackers prioritizing high-value targets to maximize disruption and financial gain. Regional and sector-specific impacts were stark: - Latin America led globally in attack density, followed by Asia-Pacific, Africa, the Middle East, the CIS, and the EU. - Manufacturing suffered the worst losses in early 2025, with damages estimated at $18 billion due to production halts and supply chain disruptions. - By late 2025, attackers shifted focus to financial institutions and educational organizations, exploiting their sensitive data and urgency to restore services. Key ransomware groups active in Latin America included ShinyHunters, Qilin, RansomHub, and LockBit, alongside the emergence of Gentleman ransomware, a newer threat actor known for aggressive campaigns. The report highlights that uneven cybersecurity preparedness, outdated infrastructure, and rapid digital transformation without proportional security investments made emerging markets prime targets.