The latest case linked to the Scattered LAPSUS$ Hunters collective—particularly the identification of one of its admins known as "Rey"—highlights something we at TecnetOne witness daily: small and medium-sized businesses (SMBs) remain one of the most attractive targets for criminal groups. Not because they have less to steal, but because breaking in is far easier.
When you take a closer look at how this group operated, you understand why so many Mexican SMBs keep falling victim to ransomware, data theft, and extortion. No sophisticated hacker tools are needed—just a phone call, a weak password, or an untrained employee.
This case is a powerful reminder that the issue isn’t a lack of technology—it’s a lack of preparation.
In many businesses, cybersecurity means nothing more than antivirus software and a “kind of strong” password. And that’s enough for a basic cybercriminal to do serious damage.
Scattered LAPSUS$ Hunters didn’t rely on advanced vulnerability exploitation. Their strategy was much simpler—and more effective:
That’s the reality. SMBs don’t fall because hackers are geniuses—they fall because their staff lack the tools to spot a scam.
With no cybersecurity culture, a single human mistake can expose everything: admin systems, email, clients, finances, and internal data.
One alarming trend revealed by this case is the deliberate recruitment of insiders. Scattered LAPSUS$ Hunters offered money to employees in exchange for:
And the uncomfortable truth is that many Mexican businesses lack real safeguards against this:
In a country with high job turnover and financial pressure, cybercriminals know finding a willing insider isn’t hard. If you don’t secure your internal access, you become an easy target.
Learn more: Guide to Choosing the Ideal SOC for Your Business
What makes SMBs vulnerable today is how cybercrime has professionalized. No coding skills or infrastructure needed.
The RaaS (Ransomware-as-a-Service) model changed everything:
This lets hundreds of new groups launch every year—each capable of impacting thousands of small businesses at once.
In Mexico, attackers know what to look for: outdated equipment, unpatched systems, untrained users, weak access, and lack of backups.
It’s not about massive paydays—it’s about attacking 20 or 50 SMBs and collecting small but consistent ransoms.
Scattered LAPSUS$ Hunters used a cruel yet effective tactic: posting stolen data on leak sites to pressure victims into paying.
For an SMB, the impact is brutal:
The worst part? Most SMBs don’t have:
If your data is leaked because one employee was tricked, the damage can be more destructive than a fire in your office.
“Rey,” the admin of the group, wasn’t caught by cutting-edge surveillance or AI.
He was arrested due to simple mistakes:
The takeaway? If even major cybercriminals make these mistakes, average companies have zero room for error.
You’re not at risk because hackers are brilliant—you're at risk because you're unprepared.
Similar titles: Cybersecurity in 2025: How It Affects Your Organization
This case confirms something we repeat constantly at TecnetOne:
SMBs aren’t vulnerable due to a lack of budget—but because of a lack of strategy.
The most common issues:
These are not problems solved by antivirus software. They’re solved by building a security culture.
If you’re a business owner, executive, or security lead at an SMB, here’s the message:
Your company can be attacked any day—even by a teenager on the other side of the world.
But here’s the hopeful truth:
Your defense is within reach.
You don’t need millions of pesos or complex tech. You need to:
Cybersecurity is no longer a luxury. It’s a requirement for staying in business.
At TecnetOne, we help SMBs understand this—before it’s too late.