Peru’s Government Denies Major Ransomware Breach as Rhysida Gang Claims Attack
Peru’s government has refuted claims by the Rhysida ransomware gang that it compromised the country’s federal digital platform, gob.pe. In a statement released on Thursday, the Ministry of Government and Digital Transformation acknowledged an attack on the tax administration website of the regional capital, Piura, but insisted the national portal remained secure.
The Rhysida gang, known for targeting governments worldwide, posted on its leak site demanding a 5 bitcoin ransom (approximately $472,000) and shared documents allegedly stolen from Peru’s systems. The group has previously breached governments in Kuwait, the Dominican Republic, the U.S., and Portugal, as well as local entities, including disruptive attacks on Columbus and Seattle.
Peruvian authorities confirmed that the National Digital Security Department (CNSD) activated preventive measures upon detecting the incident. Meanwhile, Piura’s Tax Administration Service admitted to a cyberattack on March 29, which disrupted operations for 48 hours before services were restored. Officials denied any data theft but reported the incident to local prosecutors.
Federal authorities emphasized the need for all cyber incidents to be reported to the CNSD and urged the public to rely only on verified government sources to avoid misinformation. The incident follows heightened cybersecurity concerns in Peru after a major bank breach in October exposed data from up to 3 million customers.
Rhysida has gained notoriety for its aggressive tactics, targeting critical sectors such as healthcare, charities, and public institutions. The group’s latest claims against Peru remain under investigation.
Source: https://therecord.media/peru-rhysida-ransomware-claims-denied
Ministry of Digital Transformation of Ukraine cybersecurity rating report: https://www.rankiteo.com/company/ministry-of-digital-transformation-of-ukraine
Presidency of the Council of Ministers cybersecurity rating report: https://www.rankiteo.com/company/presidency-of-the-council-of-ministers
RECOLECC cybersecurity rating report: https://www.rankiteo.com/company/recolecc-peru
"id": "MINPREREC1768390463",
"linkid": "ministry-of-digital-transformation-of-ukraine, presidency-of-the-council-of-ministers, recolecc-peru",
"type": "Ransomware",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Public Sector',
'location': 'Peru',
'name': 'Peru Government (gob.pe)',
'type': 'Government'},
{'industry': 'Tax Administration',
'location': 'Piura, Peru',
'name': 'Tax Administration Service of Piura',
'type': 'Government'}],
'customer_advisories': 'Peruvians advised to rely only on official government '
'sources for information and avoid messages that may '
'generate confusion or alarm.',
'data_breach': {'data_exfiltration': 'Alleged by Rhysida',
'type_of_data_compromised': 'Documents allegedly stolen'},
'date_detected': '2024-03-29',
'date_resolved': '2024-03-31',
'description': 'Peru’s government denied claims that its federal digital '
'platform was taken over by the Rhysida ransomware gang, which '
'demanded a 5 bitcoin ransom. The gang alleged access to the '
'government portal gob.pe and shared stolen documents. The '
'government confirmed a cyberattack on the tax administration '
'website of regional capital Piura but denied data theft.',
'impact': {'brand_reputation_impact': 'Potential confusion and alarm among '
'citizens',
'data_compromised': 'Documents allegedly stolen from gob.pe',
'downtime': '48 hours',
'operational_impact': 'Impacted operations of Piura’s Tax '
'Administration Service',
'systems_affected': 'Tax administration website of Piura'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain',
'ransomware': {'data_exfiltration': 'Alleged',
'ransom_demanded': '5 bitcoin (~$472,000)',
'ransomware_strain': 'Rhysida'},
'recommendations': 'State-level entities must report cyber incidents to the '
'National Centre for Digital Security; citizens should '
'rely only on official government sources for information.',
'references': [{'source': 'Peru Ministry of Government and Digital '
'Transformation'},
{'source': 'Rhysida ransomware gang’s leak site'},
{'source': 'Tax Administration Service of Piura'}],
'regulatory_compliance': {'regulatory_notifications': 'Incident reported to '
'National Centre for '
'Digital Security'},
'response': {'communication_strategy': 'Official statements warning citizens '
'to rely only on government sources',
'containment_measures': 'Preventive alerts activated by the '
'National Digital Security Department '
'(CNSD)',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Reported to Piura’s provincial '
'prosecutor’s office',
'recovery_measures': 'Service restored in 48 hours'},
'stakeholder_advisories': 'State-level entities urged to report cyber '
'incidents to the National Centre for Digital '
'Security.',
'threat_actor': 'Rhysida ransomware gang',
'title': 'Rhysida Ransomware Attack on Peru Government Digital Platform',
'type': 'Ransomware'}