Ransomware Protection: Encryption and Backup Best Practices

By Luis Montenegro, Cybersecurity Lead at SeQure Quantum.

In Latin America, ransomware attacks are not new. The region has spent years leading global statistics on cybersecurity incidents. What has become increasingly evident in recent months is that their impact continues to expose a critical gap: many organizations acknowledge the risk, but have not implemented the measures required to absorb it without affecting their operations.

In this context, the key question is no longer whether an organization will be targeted by an intrusion attempt, but what happens when that attempt materializes. The difference between a contained crisis and a complete operational shutdown does not lie in the attack itself, but in the technical decisions made beforehand.

This type of attack follows a relatively clear pattern. Attackers seek to gain control over critical information, including operational, personal, or strategic data. By doing so, they not only disrupt processes but also create economic and reputational pressure designed to force rapid decisions. However, the real success of extortion does not depend solely on initial access, but on the value that the information retains once compromised.

From a technical perspective, there are two pillars that are decisive in significantly reducing the impact of these incidents, and they must be addressed together.

The first is effective encryption of information, both at rest and in transit. When data is properly encrypted, unauthorized access does not automatically translate into exposure or reuse of the information. The data still exists, but it becomes unreadable and therefore loses its value as a tool for extortion. In these scenarios, paying ransoms ceases to be a relevant variable.

The second pillar is the management of reliable backups: segregated backups, periodically verified, with real recovery capabilities. It is not enough to have backups; they must be protected from the same event affecting the production environment and must allow operations to be restored without reliance on the attacker. Implementing only one of these measures leaves a single point of failure that ransomware is designed to exploit.
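One way to make "periodically verified, with real recovery capabilities" concrete, as an added example that is not part of the original article: a restore test that compares a restored copy against a hash manifest authenticated with a key kept outside the production environment. The function names, file names and demo key are assumptions made for illustration.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def build_manifest(root: Path) -> dict:
    """Map every file under root (relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def mac_manifest(manifest: dict, key: bytes) -> str:
    """HMAC over a canonical JSON encoding, so the manifest cannot be silently rebuilt."""
    canonical = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def verify_restore(restored: Path, manifest: dict, tag: str, key: bytes) -> list:
    """Return a sorted list of problems; an empty list means the restore test passed."""
    if not hmac.compare_digest(mac_manifest(manifest, key), tag):
        return ["manifest: signature mismatch"]
    actual = build_manifest(restored)
    problems = [f"missing: {n}" for n in manifest if n not in actual]
    problems += [f"modified: {n}" for n in manifest
                 if n in actual and actual[n] != manifest[n]]
    problems += [f"unexpected: {n}" for n in actual if n not in manifest]
    return sorted(problems)

def demo() -> dict:
    """Constructed sample data: a tiny 'production' tree and a restored copy of it."""
    key = b"constructed-demo-key"  # assumption: the real key lives outside production
    with tempfile.TemporaryDirectory() as tmp:
        src, restored = Path(tmp, "src"), Path(tmp, "restored")
        for d in (src, restored):
            (d / "db").mkdir(parents=True)
            (d / "db" / "ledger.csv").write_text("id,amount\n1,100\n")
            (d / "config.ini").write_text("[app]\nmode=prod\n")
        manifest = build_manifest(src)
        tag = mac_manifest(manifest, key)
        clean = verify_restore(restored, manifest, tag, key)
        # Constructed damage: one file overwritten, one deleted, one added.
        (restored / "db" / "ledger.csv").write_bytes(b"\x00" * 32)
        (restored / "config.ini").unlink()
        (restored / "README_RESTORE.txt").write_text("note")
        damaged = verify_restore(restored, manifest, tag, key)
        # A manifest regenerated from the damaged copy fails the MAC check.
        forged = verify_restore(restored, build_manifest(restored), tag, key)
    return {"clean": clean, "damaged": damaged, "forged": forged}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The check is only as segregated as the key and the manifest: if both sit on the same hosts as the backups, an event that alters the backups can alter them too.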

Added to this equation is a factor that is often underestimated: the technological horizon of encryption. Many of the mechanisms that protect information today were designed under computational assumptions that are changing. In 2024, NIST formalized the first post-quantum cryptography standards, incorporating algorithms such as ML-KEM for key exchange and ML-DSA for digital signatures, designed to withstand decryption capabilities that current systems will not be able to counter.

This milestone does not respond to an abstract future threat, but to the need to protect information today that must remain confidential for years. In the context of ransomware, strengthening architecture with a quantum-safe approach structurally reduces the value of compromised data and limits the impact of attacks that seek to exploit information today in order to extort tomorrow.

In cybersecurity, assuming that intrusion attempts will occur is not alarmism; it is technical rigor. An organization’s resilience is not measured by the absence of attacks, but by its ability to continue operating, protect its information, and retain control when they happen. Preparing for this scenario is no longer a strategic option; it is a basic requirement for continuity and digital trust.