BleepingComputer reports that organizations around the world are being targeted by expanded ARCrypter ransomware attacks, which originally compromised government agencies in Latin America. Following attacks against a Chile-based government agency and the Colombia National Food and Drug Surveillance Institute, ARCrypter has since impacted entities in the U.S., Canada, Germany, France, and China, according to a BlackBerry report. Despite uncertainties regarding the ransomware's attack vector, BlackBerry researchers discovered that ARCrypter ransomware attacks involved two AnonFiles URLs to facilitate the retrieval of the win.zip archive with an executable that has the BIN and HTML resources, which have encrypted data and ransom note details, respectively. "While we were unable to identify the correct decryption key used for decryption of the BIN resource, we believe with a high degree of certainty that the second payload is the ARCrypter ransomware," BlackBerry said. ARCrypter has been discovered to seek ransoms of varying amounts, with the lowest being $5,000.