San José, Costa Rica — A new wave of cyberattacks is targeting hotels across Latin America and Spain, including Costa Rica, putting guests’ credit card information at risk. The attacks, discovered by Kaspersky’s Global Research and Analysis Team (GReAT) between June and August 2025, are attributed to the threat group RevengeHotels, known for targeting hotels since 2015.
While Brazilian hotels are the primary focus of this latest campaign, activity has spread to several Spanish-speaking countries, including Argentina, Bolivia, Chile, Costa Rica, Mexico, and Spain. Earlier this year, RevengeHotels launched a similar campaign impacting users in Russia, Belarus, Turkey, Malaysia, Italy, and Egypt.
To understand the legal ramifications of cybersecurity issues, TicosLand.com spoke with Lic. Larry Hans Arroyo Vargas, an attorney at law from the reputable firm Bufete de Costa Rica. Mr. Arroyo offers valuable insights into the evolving landscape of digital security and the law.
“Costa Rican businesses face increasing pressure to bolster their cybersecurity defenses, not just from a practical standpoint, but also a legal one. The Ley de Protección de la Persona Frente al Tratamiento de sus Datos Personales (Data Protection Law) establishes clear obligations regarding the security and confidentiality of personal data. Failure to adequately protect this information can lead to significant fines and reputational damage. Companies should proactively review their security protocols, implement robust encryption methods, and ensure compliance with this crucial legislation.”
Lic. Larry Hans Arroyo Vargas, Attorney at Law, Bufete de Costa Rica
Lic. Arroyo Vargas’s emphasis on the dual pressures—practical and legal—facing Costa Rican businesses in the cybersecurity realm is particularly insightful. The proactive approach he advocates, combining robust technical measures with a clear understanding of the Data Protection Law, is essential for navigating this increasingly complex landscape. We thank Lic. Larry Hans Arroyo Vargas for providing this valuable perspective on a critical issue for our readers.
The attackers employ sophisticated phishing emails disguised as reservation requests, enticing recipients to open attached documents. These documents contain malicious links that lead to the installation of a Remote Access Trojan (RAT), which gives the attackers control over compromised systems and the ability to steal sensitive data. The phishing emails are often sent to email addresses associated with hotel bookings. In some instances, the attackers have instead posed as job applicants, sending fake applications with malicious resumes to targeted hotels.
Once an employee opens a malicious email, malware known as VenomRAT is installed on the hotel’s systems. This provides attackers with access to guest payment details and other sensitive information. VenomRAT is available on the dark web with lifetime licenses costing up to $650. The emails are convincingly crafted, and Kaspersky’s analysis reveals that many of the initial infectors used by RevengeHotels include code likely generated by AI.
“Cybercriminals are increasingly using AI to create new tools and make their attacks more effective. This makes even known methods, like phishing emails, more difficult for ordinary users to detect. For hotel guests, this means a greater risk of having their card details and other personal information stolen and sold on the dark web.”
Lisandro Ubiedo, Senior Security Analyst at Kaspersky
To protect themselves, Kaspersky experts advise travelers to verify a hotel’s security standards before booking, research recent reviews and news about the hotel, and consider using secondary email addresses and phone numbers for travel. They also recommend using credit cards with lower limits or virtual cards.
For hotels, Kaspersky recommends implementing robust security measures such as advanced payment authentication systems, monitoring online reviews and forums for potential threats, and training staff to identify and report suspicious activity.
The use of AI by cybercriminals like RevengeHotels underscores the evolving nature of online threats and the need for both individuals and businesses to remain vigilant and adopt robust security practices.