Rhysida Ransomware Group Claims Breach of Peruvian Government, Authorities Deny Compromise
The Rhysida ransomware gang has added the Peruvian government to its data leak site, alleging a breach of the gob.pe portal and demanding a 5 Bitcoin ransom (approximately $471,000). The group claims to have exfiltrated sensitive documents, though Peru’s Ministry of Government and Digital Transformation has firmly denied any compromise of its primary digital platform.
In a statement, the government confirmed that www.gob.pe remains fully operational and dismissed reports of a domain hijacking as inaccurate. However, it acknowledged a separate cyberattack targeting www.satp.gob.pe, the tax administration website for the regional capital Piura. The attack, which occurred in late March 2025, briefly disrupted operations but was resolved within 48 hours. Authorities stated no data was stolen during the incident.
The National Center for Digital Security (CNSD) responded by activating preventive measures and launching an investigation in coordination with national and international entities. The agency is also working directly with the affected institution to assess the scope of the attack. While Rhysida’s claims remain unverified, the incident underscores ongoing cyber threats to government infrastructure in the region.
Peruvian Government TPRM report: https://www.rankiteo.com/company/gobiernodelperu
"id": "gob1771986629",
"linkid": "gobiernodelperu",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Public Sector',
'location': 'Peru',
'name': 'Peruvian Government (gob.pe)',
'type': 'Government'},
{'industry': 'Tax Administration',
'location': 'Piura, Peru',
'name': 'Servicio de Administración Tributaria de '
'Piura (SATP)',
'type': 'Government Agency'}],
'data_breach': {'data_exfiltration': 'Alleged by Rhysida',
'sensitivity_of_data': 'High (alleged)',
'type_of_data_compromised': 'Sensitive documents (alleged)'},
'date_detected': '2025-03',
'date_resolved': '2025-03',
'description': 'The Rhysida ransomware gang has added the Peruvian government '
'to its data leak site, alleging a breach of the *gob.pe* '
'portal and demanding a 5 Bitcoin ransom (approximately '
'$471,000). The group claims to have exfiltrated sensitive '
'documents, though Peru’s Ministry of Government and Digital '
'Transformation has firmly denied any compromise of its '
'primary digital platform. The government confirmed a separate '
'cyberattack on *www.satp.gob.pe*, the tax administration '
'website for Piura, which was resolved within 48 hours with no '
'data stolen.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'ransomware claims',
'data_compromised': 'Sensitive documents (alleged)',
'downtime': '48 hours',
'operational_impact': 'Brief disruption of tax administration '
'services',
'systems_affected': 'www.satp.gob.pe (brief disruption)'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain',
'ransomware': {'data_exfiltration': 'Alleged',
'ransom_demanded': '5 Bitcoin (~$471,000)',
'ransomware_strain': 'Rhysida'},
'references': [{'source': 'Cybersecurity news report'}],
'response': {'communication_strategy': 'Public denial of primary platform '
'compromise, acknowledgment of '
'secondary attack',
'containment_measures': 'Activated preventive measures',
'incident_response_plan_activated': 'Yes',
'remediation_measures': 'Resolved within 48 hours'},
'stakeholder_advisories': 'National Center for Digital Security (CNSD) '
'coordinating investigation',
'threat_actor': 'Rhysida ransomware group',
'title': 'Rhysida Ransomware Group Claims Breach of Peruvian Government',
'type': 'Ransomware'}