Ransomware Attacks on the Rise in Mexico
According to Kaspersky’s telemetry, Mexico experienced 237,000 ransomware attack attempts between August 2024 and July 2025, positioning it as one of the most affected markets in Latin America, second only to Brazil.
Regional Context and Statistics
In the same period, Latin America accumulated over 1.1 million ransomware attack attempts, averaging around 3,000 per day and two per minute. Brazil led with 549,000 attacks, followed by Mexico (237,000), Chile (43,000), Ecuador (37,000), and Colombia (35,000). The region reported a 7% interannual decrease compared to the previous year.
Law Enforcement Impact
The statistical decline can be partly attributed to law enforcement actions disrupting criminal infrastructure. One significant blow was the arrest of Phobos group members and seizure of over 100 servers used for orchestrating attacks, which dismantled part of their network. Phobos was among the most active families in the region, impacting 4.44% of Latin American organizations.
Ransomware Variants in Mexico
In Mexico, the detected families map indicates a combination of classic variants and newer lineages. Blocker (MSIL) accounts for 39.72% of detections, while Blocker (Win32) makes up 29.11%. Convagent follows with 10.76%. Despite law enforcement actions, Phobos still represents 2.38% of the total families observed in Mexico.
Industries Most Affected
The sectorial distribution of attacks confirms that industry is the primary target in Mexico. Manufacturing processes account for 22.91% of incidents, surpassing government (13.39%), retail and wholesale (6.16%), and discrete manufacturing (6.06%) among other sectors.
Regional Comparison
This pattern aligns with Kaspersky’s regional reading: in Brazil and Mexico, the industrial sector is the most targeted, while countries like Argentina, Chile, or Peru focus on government entities.
Additional Mobile Threats
Alongside ransomware, Mexico recorded 411,000 mobile attacks blocked in the past year and growing pressure from fraudulent loan apps. These malicious applications alone accumulated 363,000 blocks in the most recent year.
Impact and Recommendations
Ransomware’s impact knows no organization size. It has forced centenarian companies to close and caused bankruptcies in the healthcare sector following massive leaks, eroding public trust and difficult-to-reverse reputational damage. Public databases, technology firms, and mixed companies have also been compromised.
- Question: What is ransomware, and how does it affect organizations?
- Question: Which sectors in Mexico are most affected by ransomware attacks?
- Question: What measures can organizations take to mitigate ransomware risks?
Answer: Ransomware is a malicious program that encrypts or blocks computer files, preventing access until a ransom is paid. It targets individuals, businesses, or governments, potentially paralyzing entire operations if proper backups or response plans are absent.
Answer: The manufacturing sector is the primary target in Mexico, accounting for 22.91% of ransomware incidents.
Answer: Kaspersky recommends applying patches and updates consistently on endpoints and servers, reinforcing internal information handling policies, and maintaining offline, encrypted backups with access controls for data recovery even if networks are encrypted by attackers.
Future Threat Landscape
Kaspersky anticipates the proliferation of ransomware-as-a-service (RaaS), along with the rise of stealers and new threats based on blockchain technology. Essentially, criminal offerings will continue to professionalize and lower the barrier for less technically sophisticated groups.
