In 2025, ransomware actors received more than $820 million in crypto assets.
“Mexico has an opportunity to change the ransomware economy in the region,” says the firm.
The Institute of Security and Technology (IST), in collaboration with a coalition of strategic partners that includes the data analysis firm Chainalysis, Microsoft and Mastercard, announced the launch of the Ransomware Working Group in Mexico.
This initiative aims to establish a multi-sector force capable of confronting the growing threat of data hijackingprotect critical infrastructure and strengthen the resilience of the digital economy in the country. The project arises as a direct response to the sophistication of criminal organizations that use the digital environment to extort companies and public institutions.
The operational structure of this new organization is based on the IST Ransomware Task Force model and is organized under four strategic pillars: deter, interrupt, prepare and respond.
According to inform In a press release, the intention is to translate international best practices into actionable recommendations that adjust to the regulatory framework and Mexican operational reality. The collaboration includes multiple agencies of the Government of Mexico, entities from the financial sector, technology companies such as Sophos and Scitum, as well as academic institutions.
The creation of this working group is based on figures on recent criminal activity. According to data provided by Chainalysis, during the year 2025 the actors behind the ransomware received more than $820 million in payments made with digital assets.
Although a trend has been observed in which fewer victims choose to give in to blackmail, attacks reported globally increased by 50% year-on-year, which shows unprecedented aggressiveness on the part of the attackers.
In the local context, Mexico has positioned itself as the second most affected country in the region, facing at least 19 active variants of this malicious software that impact more than 18 different industries.
Jackie Burns Koven, Director of Cyber Threat Intelligence at Chainalysis, says the Mexico Ransomware Task Force has a crucial opportunity to change the ransomware economy in the region. This, “making attacks more difficult, riskier and less profitable, while better protecting communities, businesses and critical services throughout Mexico.”
However, the picture has become even more complex due to the use of artificial intelligence (AI) by cybercriminals, who use this technology to optimize their extortion campaigns and perfect negotiation tactics.
Historically, Mexico has been a frequent victim of hackers who demand payments in bitcoin (BTC) and cryptocurrencies in exchange for releasing hijacked systems, mainly affecting the government sector since 2020, as CriptoNoticias has reported.
With the launch of this working group, Mexico aspires to lead a defense model that can be replicated throughout the Western Hemisphere, transforming the economic dynamics of ransomware and protecting the stability of critical national services.